Oracle LBAC_CACHE
Version 21c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Undocumented Label Security support utilities.
AUTHID DEFINER
Dependencies
ALL_SA_AUDIT_OPTIONS DBA_LBAC_TABLE_POLICIES LBAC_SERVICES
ALL_SA_COMPARTMENTS DBA_SA_AUDIT_OPTIONS LBAC_SESSION
ALL_SA_DATA_LABELS DBA_SA_DATA_LABELS LBAC_STANDARD
ALL_SA_GROUPS DBA_SA_POLICIES LBAC_SYSDBA
ALL_SA_GROUP_HIERARCHY DBA_SA_SCHEMA_POLICIES LBAC_UTL
ALL_SA_LABELS DBA_SA_TABLE_POLICIES OID_ENABLED
ALL_SA_LEVELS DBA_SA_USERS OLS$DATAPUMP
ALL_SA_POLICIES DBA_SA_USER_LABELS OLS_DIP_NTFY
ALL_SA_PROGRAMS DBA_SA_USER_PRIVS ORA_GET_AUDITED_LABEL
ALL_SA_PROG_PRIVS DBMS_ASSERT PRIVS_TO_CHAR
ALL_SA_SCHEMA_POLICIES DBMS_SESSION PRIVS_TO_CHAR_N
ALL_SA_TABLE_POLICIES DBMS_UTILITY SA$POL
ALL_SA_USERS LBAC$CACHE_LIBT SA_AUDIT_ADMIN
ALL_SA_USER_COMPARTMENTS LBAC$SA SA_COMPONENTS
ALL_SA_USER_GROUPS LBAC$SA_LABELS SA_LABEL_ADMIN
ALL_SA_USER_LABELS LBAC_EVENTS SA_SESSION
ALL_SA_USER_LEVELS LBAC_EXP SA_USER_ADMIN_INT
ALL_SA_USER_PRIVS LBAC_LGSTNDBY_UTIL SA_UTL
DBA_LBAC_POLICIES LBAC_POLICY_ADMIN_INT TO_LABEL_LIST
DBA_LBAC_SCHEMA_POLICIES    
Documented Not in the docs but there is limited information at support.oracle.com
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available Not known
Security Model Owned by LBACSYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
BYPASSALL
Undocumented lbac_cache.bypassAll(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
BYPASSREAD
Undocumented lbac_cache.bypassRead(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CACHE_TAGS
Undocumented lbac_cache.cache_tags(refresh IN BOOLEAN);
exec lbacsys.lbac_cache.cache_tags(TRUE);

PL/SQL procedure successfully completed.
 
CACHE_TAGS_INV
Undocumented lbac_cache.cache_tags_inv(polid IN BINARY_INTEGER);
TBD
 
CANONICALIZE_IDENTIFIER
Undocumented lbac_cache.canonicalize_identifier(
name      IN  VARCHAR2,
parameter IN  VARCHAR2,
result    OUT VARCHAR2);
TBD
 
CHECK_POLICYADMIN
Undocumented lbac_cache.check_policyAdmin(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CHECK_POLICYROLE
Undocumented lbac_cache.check_policyRole(
policy_name  IN VARCHAR2,
audit_action IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD
 
CHECK_POLICYSUBSCRIBED
Undocumented lbac_cache.check_policySubscribed(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
COLUMN_NAME
Undocumented lbac_cache.column_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
FAILEDSTARTUP
Undocumented lbac_cache.failedStartup(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
GET_UNIQUE_ID
Undocumented lbac_cache.get_unique_id RETURN VARCHAR2;
SELECT lbac_cache.get_unique_id
FROM dual;

SELECT NVL(lbacsys.lbac_cache.get_unique_id, 'Problem!') AS UID
FROM dual;
 
INVERSE_GROUP
Undocumented lbac_cache.inverse_group(pol_number IN BINARY_INTEGER) RETURN BOOLEAN;
TBD
 
IS_DIP_SET
Undocumented lbac_cache.is_dip_set RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_dip_set THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 316
ORA-06512: at line 2
 
IS_FAILOVER
Clearly "FAILOVER" is not just a reference to RAC though it may well be RAC related lbac_cache.is_failover RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_failover THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 452
ORA-06512: at line 2
 
IS_OID_CONFIGURED
Returns TRUE if Oracle Identity Management is configured, else FALSE lbac_cache.is_oid_configured RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_oid_configured THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OLS_ENABLED
Returns TRUE if Oracle Label Security is configured, else FALSE lbac_cache.is_ols_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_ols_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OP_ALLOWED_LOGICAL
Undocumented lbac_cache.is_op_allowed_logical;
exec lbacsys.lbac_cache.is_op_allowed_logical;

PL/SQL procedure successfully completed.
 
IS_RAC_ENABLED
Undocumented lbac_cache.is_rac_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_rac_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 439
ORA-06512: at line 2
 
MAX_SES_POLICY_ID
Undocumented lbac_cache.max_ses_policy_id RETURN BINARY_INTEGER;
SELECT lbacsys.lbac_cache.max_ses_policy_id
FROM dual;
SELECT lbacsys.lbac_cache.max_ses_policy_id
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 173
 
OID_ENABLED
Returns TRUE if Oracle Identity Management is enabled but fails with an exception if it is not

Note: OID_ENABLED is also a wrapped stand-alone PL/SQL function owned by LBACSYS that it appears is called by this function
lbac_cache.oid_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.oid_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 292
ORA-06512: at line 2
 
OID_SUBSCRIBE
Undocumented lbac_cache.oid_subscribe(policy_name IN VARCHAR2);
TBD
 
OID_UNSUBSCRIBE
Undocumented lbac_cache.oid_unsubscribe(policy_name IN VARCHAR2);
TBD
 
OPTION_NUMBER
Undocumented lbac_cache.option_number(options IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
OPTION_STRING
Undocumented lbac_cache.option_string(options IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in catolsddv.sql

CREATE OR REPLACE VIEW LBACSYS.dba_lbac_policies
(policy_name, column_name, package, status, policy_options, policy_subscribed) AS
SELECT pol_name, column_name, package,
       DECODE(BITAND(flags,1),0,'DISABLED',1,'ENABLED','ERROR'),
       lbacsys.lbac_cache.option_string(options),
       DECODE(BITAND(flags,16),0,'FALSE',16,'TRUE','ERROR')
FROM LBACSYS.ols$pol;
 
OPTION_STRING_IMP
Undocumented lbac_cache.option_string_imp(options IN BINARY_INTEGER) RETURN VARCHAR2;
TBD
 
PACKAGE
Undocumented lbac_cache.package(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
POLICYEXISTS
Undocumented lbac_cache.policyExists(policy_name IN VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.policyExists('ZZYZX') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 144
ORA-06512: at line 2
 
POLICY_NAME
Returns the policy name corresponding to a policy identifier lbac_cache.policy_name(policy_id IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in database catolsddv.sql

CREATE OR REPLACE VIEW LBACSYS.all_sa_levels AS
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsysS.sa$pol p, lbacsys.ols$levels l
WHERE p.pol# = l.pol#
AND p.pol# IN (
  SELECT pol#
  FROM lbacsys.sa$admin
  WHERE usr_name = SYS_CONTEXT('USERENV', 'CURRENT_USER'))
UNION
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsys.sa$pol p, lbacsys.ols$levels l, lbacsys.ols$user_levels ul
WHERE p.pol# = l.pol#
AND l.pol# = ul.pol#
AND l.level# <= ul.max_level
AND ul.usr_name =
    lbacsys.sa_session.sa_user_name(lbacsys.lbac_cache.policy_name(ul.pol#));
 
POL_NUMBER
Returns the policy identifier corresponding to a policy name lbac_cache.pol_number(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
SET_ALTER_ALLOW
Undocumented lbac_cache.set_alter_allow(allow IN NUMBER);
TBD
 
SET_DIP_FLAG
Undocumented lbac_cache.set_dip_flag(dip_flag IN BINARY_INTEGER);
exec lbacsys.lbac_cache.set_dip_flag(1);
BEGIN lbacsys.lbac_cache.set_dip_flag(1); END;
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 305
ORA-06512: at line 1
 
STORE_DEFAULT_OPTIONS
Undocumented lbac_cache.store_default_options(
policy_name     IN VARCHAR2,
default_options IN BINARY_INTEGER);
TBD
 
UPDATE_PROPS_TABLE
Undocumented lbac_cache.update_props_table(
ols_oid IN BINARY_INTEGER,
remove  IN BOOLEAN);
exec lbacsys.lbac_cache.update_props_table(0, TRUE);

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_RLS
LBAC_STANDARD
LBAC_SYSDBA
SA_SESSION
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2021 Daniel A. Morgan All Rights Reserved
  DBSecWorx