Re: Label Security: Maybe I missed another naming but ...

"Yong Huang" <yong321_at_yahoo.com> wrote in message news:35452e28c01b942131345e7259db17b5.99975_at_mygate.mailgate.org...
> The online article is at
> http://otn.oracle.com/oramag/oracle/03-jul/o43security.html
>
> What's the advantage of this technology over row-level security?
>
> Yong Huang
>

It *is* Row-Level Security. Well, what I mean is that it only works as a product because of the existence of RLS (or FGAC or VPD or whatever you want to call it).

When you install Label Security, in a sense, you simply install a set of packages and scripts which (a) automate the addition of label columns to selected tables in your database and (b) automate the production of the policies on those tables which append where clauses to submitted queries and (c) an infrastructure to manage the thing using GUI tools.

It is, in other words, merely a very complex implementation of RLS... so complex, that you'd take an age to knock it up yourself.

It's a replacement for Trusted Oracle, which itself used RLS technology. But TO had to be installed on a certified, locked down O/S (IIRC), because it was intended for use by spooks and military brass; whereas Label Security is being touted as much more applicable to 'ordinary' businesses, for handling things related to workflow issues (The Managing Director can share the same database as the Hoi Polloi, but only the MD can delete this row, whereas the HP can't even see it... that sort of thing).

Regards
HJR Received on Mon Sep 08 2003 - 15:35:54 CDT