Re: Row Level Security in 8.1.6 ?

Just a small note for those who are interested.

Description

This article is a FAQ/common problem list for Trusted Oracle. It is based on version 7.2.3 which is the last version of V7. Please note that there is no version 7.3.X or 8.0.X planned but a Beta version of Trusted 8.1.6 is scheduled for 4/00 (this schedule as of 1/00).    

1. Just what is Trusted Oracle, anyway?
2. Is it a seperate product or an overlay?
3. What platforms does it run on?
4. Who would want to use it?
5. What are it's advantages?
6. ora 205 on startup.
7. ora 7269 on startup.
8. Networking problems
9. Just what is Trusted Oracle, anyway?

Trusted Oracle is a product compliant with government security regulations set forth in the Trusted Computing Test and Evaluation Criteria (the "Orange Book") and the Trusted Database Specifications and Criteria (the "Purple Book") written by NSA in the early 1980's. It is certified to protect classified data at a B1 level.  

2. Is it a seperate product or an overlay?  

It is a seperate product and in fact cannot run on normal UNIX platforms. It requires some security definitions found only in Trusted Operating Systems such as Trusted Solaris or Trusted HPUX.  

3. What platforms does it run on?  

It currently runs on four platforms. These are Trusted HP-UX CMW, Trusted Solaris, Dec MLS+, and Trusted DG-UX.  

4. Who would want to use it?  

Anyone who wants their final application certified by NSA at a B1 level. In general, mostly military contractors.  

5. What are it's advantages?  

It provides what's called data seperation, which allows for a user not cleared to see data in a table to see only parts of the data which you allow, without the necessity for views and extra columns in where clauses. For instance, if you select * from a Trusted Oracle table in which you only cleared to see 2 of 3 existing rows, Oracle will only show you those 2.  

6. Ora 205 on startup.  

Trusted Oracle must be started by a user operating at the highest security clearance level of the database. If you try to start it from a lower clearance you cannot see the controlfiles which are labelled at the high clearance and so you cannot read them and will get ora 205.  

7. Ora 7269 on startup  

This happens frequently after a failed startup but no semaphores or shared memory show up. This is probably because an attempt was made to start the database at a low level and so semaphores or shared memory were allocated at that level. They can only be seen by a person operating at that level and so do not show up if you are operating at the level needed to start the database.  

8. Networking problems  

This is the most common problem in Trusted Oracle and is almost always an OS level network setup problem. Trusted networking is very difficult to set up on the OS level. Once it's set up, SQL*Net usually runs fine. Make sure the customer can ping BOTH ways between machines. If they cannot, have them set up the OS properly.

regards
Srivenu Received on Wed Mar 17 2004 - 05:58:03 CST