Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 536.4K On-Premises Infrastructure
- 138.3K Analytics Software
- 38.6K Application Development Software
- 5.8K Cloud Platform
- 109.5K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
Oracle Label Security, SET_COMPARTMENTS
Hi,
I'm trying to learn Oracle Label Security. I build a minimalist example with only one Level ('S' for standard), only one compartment ('DSP') and without groups.
There are two users, 'admin' and 'user'.
'admin' should have read/write access, 'user' should have read-only access.
Therefore I call SA_USER_ADMIN.SET_COMPARTMENTS like this:
SA_USER_ADMIN.SET_COMPARTMENTS(
POLICY_NAME => 'mypolicy',
USER_NAME => 'admin',
READ_COMPS => 'DSP',
WRITE_COMPS => 'DSP'
);
The call for 'user' is almost the same, but without WRITE_COMPS, because he shouldn't have any write access. But he can write without problem! The OLS Admin guide says: "If write_comps are NULL, then they are set to the read_comps." This is totally confusing for me. Why does 'null' default to 'all'? How can I have a user without write access?
Bonus question: is the policy editor only available in Enterprise Edition, or also in Oracle 18 XE?