Oracle SA_SESSION
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Use this package to manages user name, levels, labels, and read and write permissions for the current session.
AUTHID DEFINER
Dependencies
ALL_SA_COMPARTMENTS ALL_SA_USER_PRIVS OLS$POL
ALL_SA_GROUPS DBMS_MACOLS OLS$SESSINFO
ALL_SA_GROUP_HIERARCHY DBMS_MACOLS_SESSION OLS$SESSION_LIBT
ALL_SA_LEVELS DBMS_STANDARD OLS$USER_LEVELS
ALL_SA_USERS LBAC_CACHE SA_UTL
ALL_SA_USER_COMPARTMENTS LBAC_LGSTNDBY_UTIL USER_SA_SESSION
ALL_SA_USER_GROUPS LBAC_STANDARD V_$INSTANCE
ALL_SA_USER_LABELS OLS$LAB V_$OPTION
ALL_SA_USER_LEVELS    
Documented Yes: In Label Security Administration doc
First Available 10.1
Security Model Owned by LBACSYS with EXECUTE granted to PUBLIC and DVSYS.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
COMP_READ MAX_WRITE_LABEL SAVE_DEFAULT_LABELS
COMP_WRITE MIN_LEVEL SA_USER_NAME
GROUP_READ PRIVS SET_ACCESS_PROFILE
GROUP_WRITE READ_LABEL SET_LABEL
LABEL RESTORE_DEFAULT_LABELS SET_ROW_LABEL
MAX_LEVEL ROW_LABEL WRITE_LABEL
MAX_READ_LABEL    
 
COMP_READ
Returns a comma-delimited list of compartments that the user is authorized to read sa_session.comp_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;

SELECT sa_session.comp_read('DATA_ACCESS')
FROM dual;
 
COMP_WRITE
Returns a comma-delimited list of compartments to which the user is authorized to write sa_session.comp_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;

SELECT sa_session.comp_write('DATA_ACCESS')
FROM dual;
 
GROUP_READ
Returns a comma-delimited list of groups that the user is authorized to read sa_session.group_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_read('DATA_ACCESS')
FROM dual;
 
GROUP_WRITE
Returns a comma-delimited list of groups that the user is authorized to write sa_session.group_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_write('DATA_ACCESS')
FROM dual;
 
LABEL
Returns the label associated with the specified policy for the current session sa_session.label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.label('DATA_ACCESS')
FROM dual;
 
MAX_LEVEL
Returns the session's maximum authorized level sa_session.max_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_level('DATA_ACCESS')
FROM dual;
 
MAX_READ_LABEL
Returns the label string that was used to initialize the session's maximum authorized read label composed of the maximum level, compartments and groups authorized for read access sa_session.max_read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_read_label('DATA_ACCESS')
FROM dual;
 
MAX_WRITE_LABEL
Returns the label string that was used to initialize the session's maximum authorized write label composed of the maximum level, compartments and groups authorized for write access sa_session.max_write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_write_label('DATA_ACCESS')
FROM dual;
 
MIN_LEVEL
Returns the session's minimum authorized level sa_session.min_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.min_level('DATA_ACCESS')
FROM dual;
 
PRIVS
Returns the current session's privileges as a comma-delimited list sa_session.privs(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.privs('DATA_ACCESS')
FROM dual;
 
READ_LABEL
Undocumented sa_session.read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.read_label('DATA_ACCESS')
FROM dual;
 
RESTORE_DEFAULT_LABELS
Restores session and row labels to match the values stored in the data dictionary by SA_SESSION.SET_LABEL sa_session.restore_default_labels(policy_name IN VARCHAR2);
exec sa_session.restore_default_labels(policy_name IN VARCHAR2);
 
ROW_LABEL
Returns the name of the row label that is associated with the policy for the current session sa_session.row_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.row_label('DATA_ACCESS')
FROM dual;
 
SAVE_DEFAULT_LABELS
Stores the current session label and row label as the session's initial session label and default row label. Permits changing defaults to reflect the current session label and row label. Saved labels are used as the initial default settings for future sessions. sa_session.save_default_labels(policy_name IN VARCHAR2);
exec sa_session.save_default_labels(policy_name IN VARCHAR2);
 
SA_USER_NAME
Returns the name of the OLS user as set by SET_ACCESS_PROFILE or as established at login. sa_session.sa_user_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.sa_user_name('DATA_ACCESS')
FROM dual;
 
SET_ACCESS_PROFILE
Sets session OLS authorizations and privileges to those of the specified user.

The session executing SET_ACCESS_PROFILE procedure must have the PROFILE_ACCESS privilege.		 sa_session.set_access_profile(
poliy_name IN VARCHAR2,
user_name  IN VARCHAR2);
exec sa_session.set_access_profile('DATA_ACCESS’,sys_context('USERENV','EXTERNAL_NAME');

exec sa_session.set_access_profile('DATA_ACCESS’,sys_context('USERENV','PROXY_USER');

exec sa_session.set_access_profile('DATA_ACCESS’,sys_context('USERENV','CLIENT_IDENTIFIER');
 
SET_LABEL
Sets the label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER _LABELS sa_session.set_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2);
exec sa_session.set_label('DATA_ACCESS', 'C::IA::IS');
 
SET_ROW_LABEL
Sets the row label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER _LABELS sa_session.set_row_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2);
exec sa_session.set_row_label('DATA_ACCESS', 'P::OP::AO');
 
WRITE_LABEL
Sets the write label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER _LABELS sa_session.write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.write_label('DATA_ACCESS')
FROM dual;

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC$SA_LABELS
LBAC_CACHE
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx