This content has been marked as final. Show 3 replies
If you have access to My Oracle Support, we have a new patch released that provides an option for triple-level Oracle Label Security. We consider this option to be easier to use and more performant (especially w.r.t running inference in the presence of OLS) than the resource-level RDF OLS. For instance, there is no need to explicitly or implicitly assign labels to individual resources with this option. You can email me at vladimir dot kolovski at oracle dot com for more information.
If you don't want (or can't) to use the patch, then here's some more information on the 126.96.36.199 handling of RDF OLS. In general, the Oracle RDF store has application tables and an internal table to store the triples. RDF OLS is only applied to the internal table (this is what SEM_MATCH queries against).
So, if you're using SEM_MATCH to retrieve data, you don't need to apply OLS to the application table. Now, the reason you can't see those triples using SEM_MATCH is that triples with null labels are not visible by anybody other than policy DBAs. I would suggest to applying the ols policy (apply_ols_policy) first, then inserting the triples.
I'll give the patch a shot. What I did notice is that once I applied the policy using apply_ols_policy, I could not insert any triples. I kept getting policy violations no matter what user. First I tried inserting as rdf_data_store user when that didn't work I tried lbacsys, mdsys and sys. All got the same error.
Is the label policy supposed to be applied using SA_POLICY_ADMIN.APPLY_TABLE_POLICY as well as sem_rdfsa.apply_ols_policy? Didn't see much in the docs. I did try both ways however and same results. I am not at work so I cannot give specific error messages. I'll touch base tomorrow. Thanks for the response!
Forget the 2nd part of my last post. I read your post a little more slowly and see that the policy does not have to be applied to the table if using apply_ols_policy.