Oracle SA_COMPONENTS
Version 20c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Use this package to create, configure, and manage policy component compartments, groups, and levels.

Note: This page has been posted prior to the GA release of 20c. It will be completed once we have access to the release version.
AUTHID DEFINER
Dependencies
DBMS_DATAPUMP LBAC_STANDARD OLS$LAB
LBAC$USER_LIBT LBAC_UTL OLS$LAB_LIBT
LBAC_CACHE OLS$COMPARTMENTS OLS$LEVELS
LBAC_SERVICES OLS$GROUPS OLS_DIP_NTFY
Documented No
First Available 10.1
Security Model Owned by LBACSYS with no privileges granted.

In addition to the execute privilege on this package the user must also be granted the POLICY_DBA role using SA_DBA.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
ALTER_COMPARTMENT
Alter a compartment's short and long name

Overload 1
sa_components.alter_compartment(
policy_name    IN VARCHAR2,
comp_num       IN NUMBER,
new_short_name IN VARCHAR2,
new_long_name  IN VARCHAR2);
exec sa_components.alter_compartment('DATA_ACCESS', 100, 'DV', 'DIVESTITURES');
Alter a compartment's short and long name

Overload 2
sa_components.alter_compartment(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_compartment('DATA_ACCESS', 200, 'IT', 'INFORMATION TECH');
 
ALTER_GROUP
Alter a label category identified by group number

Overload 1
sa_components.alter_group(
policy_name    IN VARCHAR2,
group_num      IN NUMBER,
new_short_name IN VARCHAR2,
new_long_name  IN VARCHAR2);
exec sa_components.alter_group('DATA_ACCESS', 10, 'IN', 'INVESTORS');
Alter a label category identified by short name

Overload 2
sa_components.alter_group(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_group('DATA_ACCESS', 20, 'BD', 'DIRECTORS');
 
ALTER_GROUP_PARENT
Alter a group's parent number identified by group number

Overload 1
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
group_num       IN NUMBER,
new_parent_num  IN NUMBER);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 10);
Alter a group's parent identified by parent group name

Overload 2
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
group_num       IN NUMBER,
new_parent_name IN VARCHAR2);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 'BD');
Alter a group's parent identified by new parent short name

Overload 3
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
short_name      IN VARCHAR2,
new_parent_name IN VARCHAR2);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 'EM', 'BD');
 
ALTER_LEVEL
Alter a level's short and long name

Overload 1
sa_components.alter_level(
policy_name    IN VARCHAR2
level_num      IN NUMBER
new_short_name IN VARCHAR2
new_long_name  IN VARCHAR2);
exec sa_components.alter_level('DATA_ACCESS', 1, 'E', 'EMPLOYEES');
Alter a level's short and long name

Overload 2
sa_components.alter_level(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_level('DATA_ACCESS', 'S', 'SECRET');
 
CREATE_COMPARTMENT
Define label categories sa_components.create_compartment(
policy_name IN VARCHAR2,
comp_num    IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2);
exec sa_components.create_compartment('DATA_ACCESS', 100, 'MA', 'MERGERS_ACQUISITIONS');
exec sa_components.create_compartment('DATA_ACCESS', 200, 'IS', 'INFORMATION SYSTEMS');
exec sa_components.create_compartment('DATA_ACCESS', 300, 'FA', 'FINANCES_ASSETS');
exec sa_components.create_compartment('DATA_ACCESS', 900, 'AO', 'ALL_OTHERS');
 
CREATE_GROUP
Define groups with data ownership or access sa_components.create_group(
policy_name IN VARCHAR2,
group_num   IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2,
parent_name IN VARCHAR2);
exec sa_components.create_group('DATA_ACCESS', 10, 'BD', 'BOARD_OF_DIR');
exec sa_components.create_group('DATA_ACCESS', 20, 'EM', 'EXEC_MGMT');
exec sa_components.create_group('DATA_ACCESS', 30, 'SM', 'SR_MGMT');
exec sa_components.create_group('DATA_ACCESS', 40, 'IT', 'IT_ADMINS');
exec sa_components.create_group('DATA_ACCESS', 90, 'OP', 'OTHER_PERSONNEL');
 
CREATE_LEVEL
Define a sensitivity level sa_components.create_level(
policy_name IN VARCHAR2,
level_num   IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2);
exec sa_components.create_level('DATA_ACCESS', 1, 'I', 'INTERNAL');
exec sa_components.create_level('DATA_ACCESS', 2, 'C', 'CONFIDENTIAL');
exec sa_components.create_level('DATA_ACCESS', 9, 'P', 'PUBLIC');
 
DROP_COMPARTMENT
Drop a compartment identified by its compartment name

Overload 1
sa_components.drop_compartment(
policy_name IN VARCHAR2,
comp_num    IN NUMBER);
exec sa_components.drop_compartment('DATA_ACCESS', 300);
Drop a compartment identified by its short name

Overload 2
sa_components.drop_compartment(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_compartment('DATA_ACCESS', 'AO');
 
DROP_GROUP
Drop a group identified by group number

Overload 1
sa_components.drop_group(
policy_name IN VARCHAR2,
group_num   IN NUMBER);
exec sa_components.drop_group('DATA_ACCESS', 30);
Drop a group identified by short name

Overload 2
sa_components.drop_group(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_group('DATA_ACCESS', 'BD');
 
DROP_LEVEL
Drop a level identified by level number

Overload 1
sa_components.drop_level(
policy_name IN VARCHAR2,
level_num   IN NUMBER);
exec sa_components.drop_level('DATA_ACCESS', 1);
Drop a level identified by short name

Overload 2
sa_components.drop_level(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_level('DATA_ACCESS', 2);

Related Topics
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx