Oracle SA_COMPONENTS
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Use this package to create, configure, and manage policy component compartments, groups, and levels.
AUTHID DEFINER
Dependencies
DBMS_DATAPUMP LBAC_STANDARD OLS$LAB
LBAC$USER_LIBT LBAC_UTL OLS$LAB_LIBT
LBAC_CACHE OLS$COMPARTMENTS OLS$LEVELS
LBAC_SERVICES OLS$GROUPS  
Documented No
First Available 10.1
Security Model Owned by LBACSYS with no privileges granted.

In addition to the execute privilege on this package the user must also be granted the POLICY_DBA role using SA_DBA.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
ALTER_COMPARTMENT
Alter a compartment's short and long name

Overload 1
sa_components.alter_compartment(
policy_name    IN VARCHAR2,
comp_num       IN NUMBER,
new_short_name IN VARCHAR2,
new_long_name  IN VARCHAR2);
exec sa_components.alter_compartment('DATA_ACCESS', 100, 'DV', 'DIVESTITURES');
Alter a compartment's short and long name

Overload 2
sa_components.alter_compartment(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_compartment('DATA_ACCESS', 200, 'IT', 'INFORMATION TECH');
 
ALTER_GROUP
Alter a label category identified by group number

Overload 1
sa_components.alter_group(
policy_name    IN VARCHAR2,
group_num      IN NUMBER,
new_short_name IN VARCHAR2,
new_long_name  IN VARCHAR2);
exec sa_components.alter_group('DATA_ACCESS', 10, 'IN', 'INVESTORS');
Alter a label category identified by short name

Overload 2
sa_components.alter_group(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_group('DATA_ACCESS', 20, 'BD', 'DIRECTORS');
 
ALTER_GROUP_PARENT
Alter a group's parent number identified by group number

Overload 1
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
group_num       IN NUMBER,
new_parent_num  IN NUMBER);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 10);
Alter a group's parent identified by parent group name

Overload 2
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
group_num       IN NUMBER,
new_parent_name IN VARCHAR2);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 'BD');
Alter a group's parent identified by new parent short name

Overload 3
sa_components.alter_group_parent(
policy_name     IN VARCHAR2,
short_name      IN VARCHAR2,
new_parent_name IN VARCHAR2);
exec sa_components.alter_group_parent('DATA_ACCESS', 20, 'EM', 'BD');
 
ALTER_LEVEL
Alter a level's short and long name

Overload 1
sa_components.alter_level(
policy_name    IN VARCHAR2
level_num      IN NUMBER
new_short_name IN VARCHAR2
new_long_name  IN VARCHAR2);
exec sa_components.alter_level('DATA_ACCESS', 1, 'E', 'EMPLOYEES');
Alter a level's short and long name

Overload 2
sa_components.alter_level(
policy_name   IN VARCHAR2,
short_name    IN VARCHAR2,
new_long_name IN VARCHAR2);
exec sa_components.alter_level('DATA_ACCESS', 'S', 'SECRET');
 
CREATE_COMPARTMENT
Define label categories sa_components.create_compartment(
policy_name IN VARCHAR2,
comp_num    IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2);
exec sa_components.create_compartment('DATA_ACCESS', 100, 'MA', 'MERGERS_ACQUISITIONS');
exec sa_components.create_compartment('DATA_ACCESS', 200, 'IS', 'INFORMATION SYSTEMS');
exec sa_components.create_compartment('DATA_ACCESS', 300, 'FA', 'FINANCES_ASSETS');
exec sa_components.create_compartment('DATA_ACCESS', 900, 'AO', 'ALL_OTHERS');
 
CREATE_GROUP
Define groups with data ownership or access sa_components.create_group(
policy_name IN VARCHAR2,
group_num   IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2,
parent_name IN VARCHAR2);
exec sa_components.create_group('DATA_ACCESS', 10, 'BD', 'BOARD_OF_DIR');
exec sa_components.create_group('DATA_ACCESS', 20, 'EM', 'EXEC_MGMT');
exec sa_components.create_group('DATA_ACCESS', 30, 'SM', 'SR_MGMT');
exec sa_components.create_group('DATA_ACCESS', 40, 'IT', 'IT_ADMINS');
exec sa_components.create_group('DATA_ACCESS', 90, 'OP', 'OTHER_PERSONNEL');
 
CREATE_LEVEL
Define a sensitivity level sa_components.create_level(
policy_name IN VARCHAR2,
level_num   IN NUMBER,
short_name  IN VARCHAR2,
long_name   IN VARCHAR2);
exec sa_components.create_level('DATA_ACCESS', 1, 'I', 'INTERNAL');
exec sa_components.create_level('DATA_ACCESS', 2, 'C', 'CONFIDENTIAL');
exec sa_components.create_level('DATA_ACCESS', 9, 'P', 'PUBLIC');
 
DROP_COMPARTMENT
Drop a compartment identified by its compartment name

Overload 1
sa_components.drop_compartment(
policy_name IN VARCHAR2,
comp_num    IN NUMBER);
exec sa_components.drop_compartment('DATA_ACCESS', 300);
Drop a compartment identified by its short name

Overload 2
sa_components.drop_compartment(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_compartment('DATA_ACCESS', 'AO');
 
DROP_GROUP
Drop a group identified by group number

Overload 1
sa_components.drop_group(
policy_name IN VARCHAR2,
group_num   IN NUMBER);
exec sa_components.drop_group('DATA_ACCESS', 30);
Drop a group identified by short name

Overload 2
sa_components.drop_group(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_group('DATA_ACCESS', 'BD');
 
DROP_LEVEL
Drop a level identified by level number

Overload 1
sa_components.drop_level(
policy_name IN VARCHAR2,
level_num   IN NUMBER);
exec sa_components.drop_level('DATA_ACCESS', 1);
Drop a level identified by short name

Overload 2
sa_components.drop_level(
policy_name IN VARCHAR2,
short_name  IN VARCHAR2);
exec sa_components.drop_level('DATA_ACCESS', 2);

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC$SA_LABELS
LBAC_EVENTS
LBAC_EXP
LBAC_LGSTNDBY_UTIL
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx