Index

A B C D E F G H I L M N O P R S T U V W

A

access control

discretionary, 1.1.3.1, 1.1.3.3, 3.5.4

label-based, 1.3.3, 1.3.4.5

policies, 1.1.2

understanding, 3

access mediation

and views, 3.5.5

enforcement options, 3.5.7

introduction, 3.1

label evaluation, 3.4

program units, 3.5.6

ADD_COMPARTMENTS function, 8.2.5, 8.2.5, 8.2.5, 8.2.5

ADD_GROUPS procedure, 8.2.8

inverse groups, 15.8.3

ALL_CONTROL option, 9.1.1, 9.1.1, 9.1.1, 9.1.5

ALL_SA_AUDIT_OPTIONS view, E.1.2.1

ALL_SA_COMPARTMENTS view, E.1.2.2

ALL_SA_DATA_LABELS view, E.1.2.3

ALL_SA_GROUPS view, E.1.2.4

ALL_SA_LABELS view, E.1.2.5

ALL_SA_LEVELS view, E.1.2.6

ALL_SA_POLICIES view, E.1.2.7

ALL_SA_PROG_PRIVS view, E.1.2.8

ALL_SA_SCHEMA_POLICIES view, E.1.2.9

ALL_SA_TABLE_POLICIES view, E.1.2.10

ALL_SA_USER_LABELS view, E.1.2.12

ALL_SA_USER_LEVELS view, E.1.2.13

ALL_SA_USER_PRIVS view, E.1.2.14

ALL_SA_USERS view, E.1.2.11

ALTER_COMPARTMENT procedure, 7.5.6

ALTER_COMPARTMENTS procedure, 8.2.4

ALTER_GROUP procedure, 7.5.9

ALTER_GROUP_PARENT

inverse groups, 15.8.10

ALTER_GROUP_PARENT procedure, 7.5.10

ALTER_GROUPS function, 8.2.9

ALTER_GROUPS procedure

inverse groups, 15.8.4

ALTER_LABEL function, 7.6.2

ALTER_LEVEL procedure, 7.5.1, 7.5.3

ALTER_POLICY procedure, 7.4.5

inverse groups, 15.8.2

ALTER_SCHEMA_POLICY procedure, 10.3, 10.5.2

ANALYZE command, 14.4.1

APPLY_SCHEMA_POLICY procedure, 10.3, 10.5.1

with inverse groups, 15.3.1

APPLY_TABLE_POLICY procedure, 10.3, 10.4.1

with inverse groups, 15.3.1

architecture, Oracle Label Security, 1.1.3.3

AS SYSDBA clause, 14.5

AUDIT procedure, 12.3.2

AUDIT_LABEL procedure, 12.4.1, 12.4.3

AUDIT_LABEL_ENABLED function, 12.4.3

AUDIT_TRAIL parameter, 12.2

auditing

audit trails, 1.1.3.3, 12.1, 12.2, 12.5.1

options for Oracle Label Security, 12.3.1

Oracle Label Security, 12, 12.1

security and, 12.3.2

strategy, 12.6.1

systemwide, 12.2

types of, 7.1.7

views, 12.5.1

B

B-tree indexes, 14.4.2

C

CHAR_TO_LABEL function, 5.3.1, 5.5.1, 5.5.5

characters, valid, 2.2.1, 2.2.1, 7.4.3

CHECK_CONTROL option

and label update, 9.4.2, 9.4.3

and labeling functions, 9.3.1

definition, 9.1.1, 9.1.1

with other options, 9.1.6

CHECK_LABEL_CHANGE function, 11.4.2.3

CHECK_READ function, 11.4.2.1

CHECK_WRITE function, 11.4.2.2

child rows

deleting, 9.5

inserting, 9.3.3

updating, 9.4.4

Common Criteria, 1.1.1

COMP_READ function, 5.6.6.2

COMP_WRITE function, 5.6.6.2

COMPACCESS privilege, 3.5.1, 3.5.2.3

inverse groups, 15.3.5, 15.6

compartments

definition, 2.2.3

example, 2.2.3

setting authorizations, 3.3.1.2

COMPATIBLE parameter, 14.5

components. See label components

CON, B.2

connection parameters, B.2

CREATE FUNCTION statement, 11.3.1

CREATE PACKAGE BODY statement, 11.3.1

CREATE PACKAGE statement, 11.3.1

CREATE PROCEDURE statement, 11.3.1

CREATE TABLE AS SELECT statement, E.2.1

CREATE_COMPARTMENT procedure, 7.5.5

CREATE_GROUP procedure, 7.5.8

inverse groups, 15.8.9

CREATE_LABEL procedure, 7.6.1

CREATE_LEVEL procedure, 7.5.2

CREATE_POLICY procedure, 7.1.1, 7.4.4

inverse groups, 15.8.1

CREATE_VIEW procedure, 12.5.1, E.1.3

creating databases, 14.5

D

DAC. See discretionary access control (DAC)

data

access rules, 1.3.1

label-based access, 2.1, 2.1

sensitivity, 1.3.4.1, 7.6.2

data dictionary tables, 8.1, 8.7.1, 14.4.1, 14.5, E.1.1

DATA_LABEL function, 11.4.1.3

database links, 13.2

Database Management System Protection Profile (DBMS PP), 1.1.1

databases, creating additional, 14.5

DBA_policyname_AUDIT_TRAIL view, E.1.3

DBA_SA_AUDIT_OPTIONS view, 12.3.4, E.1.2.15, E.1.3

DBA_SA_COMPARTMENTS view, 14.2.2, E.1.2.16

DBA_SA_DATA_LABELS view, E.1.2.17

DBA_SA_GROUP_HIERARCHY view, E.1.2.19

DBA_SA_GROUPS view, 14.2.2, E.1.2.18

DBA_SA_LABELS view, 14.2.2, E.1.2.20

DBA_SA_LEVELS view, 14.2.2, E.1.2.21

DBA_SA_POLICIES view, E.1.2.22

DBA_SA_PROG_PRIVS view, E.1.2.23

DBA_SA_SCHEMA_POLICIES view, 9.1.8, E.1.2.24

DBA_SA_TABLE_POLICIES view, 9.1.8, E.1.2.25

DBA_SA_USER_COMPARTMENTS view, 8.7.2, E.1.2.27

DBA_SA_USER_GROUPS view, 8.7.2, E.1.2.28

DBA_SA_USER_LABELS view, E.1.2.29

DBA_SA_USER_LEVELS view, 8.7.2, E.1.2.30

DBA_SA_USER_PRIVS view, E.1.2.31

DBA_SA_USERS view, E.1.2.26

default port, B.2

default row label, 5.6.3

DELETE_CONTROL option, 9.1.1, 9.1.1, 9.5

DELETE_RESTRICT option, 9.5

deleting labeled data, 9.5

demobld.sql file, 7.3.1.1

DISABLE_POLICY procedure, 7.4.6

DISABLE_SCHEMA_POLICY procedure, 10.3, 10.5.4

DISABLE_TABLE_POLICY procedure, 10.3, 10.4.3

discretionary access control (DAC), 1.1.3.1, 3.5.4

distributed databases

connecting to, 13.2

multiple policies, 3.6.2

Oracle Label Security configuration, 13.1

remote session label, 13.3

dominance

definition, 3.4.2, 3.4.2

functions, A.1.3

greatest lower bound, 5.4.4.2

inverse groups, 15.9

least upper bound, 5.4.4.1

overview, A.1.1

DOMINATED_BY function, A.1.3, A.1.3.3, A.1.3.7

DOMINATES function, A.1.1, A.1.3, A.1.3.1, A.1.3.5

DROP USER CASCADE restriction, E.2.4

DROP_ALL_COMPARTMENTS procedure, 8.2.7

DROP_ALL_GROUPS procedure, 8.2.11

DROP_COMPARTMENT procedure, 7.5.7

DROP_COMPARTMENTS function, 8.2.6

DROP_GROUP procedure, 7.5.11

DROP_GROUPS procedure, 8.2.10

DROP_LABEL function, 7.6.3

DROP_LEVEL procedure, 7.5.4

DROP_POLICY procedure, 7.4.8

DROP_USER_ACCESS procedure, 8.3.4

DROP_VIEW procedure, 12.5.2

duties, of security administrators, 7.2

E

ENABLE_POLICY procedure, 7.4.7

ENABLE_SCHEMA_POLICY procedure, 10.3, 10.5.5

ENABLE_TABLE_POLICY procedure, 10.3, 10.4.4

enforcement options

and UPDATE, 9.4.2

combinations of, 9.1.6

exemptions, 9.1.7

guidelines, 9.1.6

INVERSE_GROUP, 15.3.1

list of, 9.1.1

overview, 9.1.1

viewing, 9.1.8

Evaluation Assurance Level (EAL) 4, 1.1.1

examples

Oracle Label Security, 4.3

EXEMPT ACCESS POLICY privilege, 9.1.7, 9.1.7

Export utility

LBACSYS restriction, E.2.3

policy enforcement, 9.1.7

row labels, 3.5.2.1, 14.1, 14.2.2

F

FULL privilege, 3.5.1, 3.5.2.2, 3.5.2.4

function call, C.1, C.2

G

GLBD function, 5.4.4.2

granularity, data access, 3.4.3

GREATEST_LBOUND function, 5.4.4.2, 11.4.4.1

inverse groups, 15.8.14

GROUP_READ function, 5.6.6.2

GROUP_WRITE function, 5.6.6.2

groups

definition, 2.2.4

example, 2.2.4

hierarchical, 2.2.4, 2.2.4, 2.4, 2.4, E.1.2.19

inverse, 15.2

parent, 2.2.4, 2.2.4, 2.2.4, 3.4.1.2, 3.4.1.2, 7.5.8, 7.5.10, 15.3.4

read/write access, 3.4.1.2

setting authorizations, 3.3.1.3

H

HIDE, 5.1.1.1, 7.4.4, 7.4.5

HIDE option

default, 7.4.4

discussion of, 9.1.2

example, 5.1.1.3

importing hidden column, 14.2.5

inserting data, 5.5.4

not exported, 14.1

per-table basis, 5.3.2.2

PL/SQL restriction, E.2.6

schema level, 9.1.1

I

Import utility

importing labeled data, 14.2.1.2, 14.2.2

importing policies, 14.1

importing unlabeled data, 14.2.4

with Oracle Label Security, 14.2

indexes, 14.4.2, 14.4.2

INITIAL_LABEL variable, A.2

INITIAL_ROW_LABEL variable, A.2

initialization parameters

AUDIT_TRAIL, 12.2

COMPATIBLE, 14.5

INSERT_CONTROL option, 9.1.1, 9.1.1, 9.3.1

inserting labeled data, 5.5, 9.3

INTO TABLE clause, 14.3.2

inverse groups

and label components, 15.3.2

COMPACCESS privilege, 15.3.5, 15.6

computed labels, 15.3.3

dominance, 15.9

implementation of, 15.3

introduction, 15.2

Max Read Groups, 15.3.3.2

Max Write Groups, 15.3.3.2

parent-child unsupported, 15.3.4

read algorithm, 15.4

session labels, 15.7

SET_DEFAULT_LABEL, 15.7.1

SET_LABEL, 15.7.2

SET_ROW_LABEL, 15.7.1, 15.7.2

user privileges, 15.3.5

write algorithm, 15.5

INVERSE_GROUP enforcement option

behavior of procedures, 15.8

implementation, 15.3.1

L

label components

defining, 7.1.2, 7.5

in distributed environment, 13.4

industry examples, 2.2.5

interrelation, 2.4

valid characters, 2.2.1, 2.2.1, 7.4.3

label evaluation process

COMPACCESS read, 3.5.2.3

COMPACCESS write, 3.5.2.3

inverse groups, COMPACCESS, 15.6

LABEL_UPDATE, 9.4.2

read access, 3.4.2

read access, inverse groups, 15.4

write access, 3.4.3

write access, inverse groups, 15.5

LABEL function, 5.6.6.2

label tags

converting from string, 5.3.1

converting to string, 5.3.2

distributed environment, 13.4.1

example, 5.1.2.1

inserting data, 5.5.2

introduction, 2.3

manually defined, 5.1.2.1, 5.1.2.2

strategy, 14.4.3

using in WHERE clauses, 5.4.1

LABEL_DEFAULT option

and labeling functions, 9.1.3.1, 9.2.1, 9.2.2

authorizing compartments, 3.3.1.2

authorizing groups, 3.3.1.3

definition, 9.1.1

importing unlabeled data, 14.2.4

inserting labeled data, 5.5.3

with enforcement options, 9.1.6, 9.1.6

with SET_ROW_LABEL, 5.6.3

LABEL_TO_CHAR function, 5.3.2, 5.3.2.1.3, 5.4.3

LABEL_UPDATE option

and labeling functions, 9.1.3.2, 9.2.2

and privileges, 9.1.3.2

and WRITE_CONTROL, 9.1.4.2

and WRITEDOWN, 3.5.3

and WRITEUP, 3.5.1, 3.5.1, 3.5.1, 3.5.3

definition, 9.1.1, 9.1.1

evaluation process, 9.4.2

with enforcement options, 9.1.6

label-based security, 2.1

labeling functions

ALL_CONTROL and NO_CONTROL, 9.1.5

and CHECK_CONTROL, 9.3.1

and LABEL_DEFAULT, 9.1.3.1, 9.1.3.2, 9.2.1

and LABEL_UPDATE, 9.1.3, 9.1.3.3

and LBACSYS, 9.2.2

creating, 9.2.3

example, 9.2.1

how they work, 9.2.2

importing unlabeled data, 14.2.4

in force, 9.1.3

inserting data, 5.5.3

introduction, 3.5.7

override manual insert, 9.3.2

specifying, 9.2.4

testing, 9.2.2

UPDATE, 9.4.3

using, 9.2.1

with enforcement options, 9.1.6, 9.1.6

labels

administering, 2.5

and performance, 3.5.2.1

data and user, 2.4

merging, 5.4.5

non-comparable, A.1.2

relationships between, A.1

syntax, 2.3

valid, 2.3, 5.1.2

with inverse groups, 15.3.3

LBAC_DBA role, 7.4.1

LBAC_LABEL datatype, 9.2.2

LBACSYS schema

and labeling functions, 9.2.2

creating additional databases, 14.5

data dictionary tables, 14.4.1

export restriction, 14.1, E.2.3

LEAST_UBOUND function, 5.4.4.1, 5.4.5, 11.4.4.2

inverse groups, 15.8.13

levels

definition, 2.2.2

example, 2.2.2

setting authorizations, 3.3.1.1

LUBD function, 5.4.4.1

M

materialized views, 13.6.1.1, 13.6.3.2

Max Read Groups, 15.3.3.2

Max Write Group, 15.3.3.2, 15.3.3.2

MAX_LEVEL function, 5.6.6.2

MERGE_LABEL function, 5.4.5, 5.4.5

MIN_LEVEL function, 5.6.6.2

N

NO_CONTROL option, 9.1.1, 9.1.1, 9.1.5

NOAUDIT procedure, 12.3.1, 12.3.3, 12.3.3, 12.4.2

NUMBER datatype, 5.1.1

NUMERIC_LABEL function, 11.4.1.1

NUMERIC_ROW_LABEL function, 11.4.1.2

O

object privileges

and Oracle Label Security privileges, 3.5.4

and trusted stored program units, 3.5.6, 11.1.1

discretionary access control, 1.1.3.3

OCI example, A.2.5

OCI interface, A.2

OCI_ATTR_APPCTX_LIST, A.2.2

OCI_ATTR_APPCTX_SIZE, A.2.1

OCIAttrGet, A.2.2

OCIAttrSet, A.2, A.2.1, A.2.4

OCIParamGet, A.2.3

OptionsA, B.2.1

Oracle Database Conrfiguration Assistant (DBCA)

Oracle Label Security, installing, 4.1

Oracle Enterprise Manager

administering labels, 2.5

Oracle Internet Directory

configuring OLS after switchover to standby database, 6.10.4

OID with Oracle Data Guard, 6.10.4

Oracle Internet Directory Administrator’s Guide, 6.10.1

Oracle Label Security (OLS)

creating, 4.2

example, 4.3

installing, 4.1

ORDER BY clause, 5.4.1, 5.4.2

P

packages

Oracle Label Security, 7.3.1

trusted stored program units, 11.1

partitioning, 5.1.2.2, 14.4.4

performance, Oracle Label Security

ANALYZE command, 14.4

indexes, 14.4.2

label tag strategy, 14.4.3

partitioning, 14.4.4

READ privilege, 3.5.2.1

PL/SQL

creating VPD policies, 1.3.2

overloaded procedures, 7.5.1

recreating labels for import, 14.2.2

SA_UTL package, 11.4

trusted stored program units, 11.1

policies

applying to schemas, 10.3, 10.5

applying to tables, 10.3, 10.4

creating, 7.1.1

enforcement guidelines, 9.1.6

enforcement options, 1.3.4.4, 3.5.7, 5, 9.1.1, 9.1.1, 9.1.6

managing, 7.4

multiple, 5.1.2, 8.1, E.2.2

privileges, 1.1.3.3, 1.3.4.3, 3.5.4, 8.4

terminology, 10.1

policy label column

indexing, 14.4.2

inserting data when hidden, 5.5.4

introduction, 5.1.1, 5.1.1

retrieving, 5.3.2.1.1

retrieving hidden, 5.3.2.2

storing label tag, 2.3

policy_DBA role, 7.2, 7.4.2, 7.6, 8.1, 8.4, 10.4, 10.5

predicates

access mediation, 3.5.7

errors, 9.6.1

label tag performance strategy, 14.4.3

multiple, 9.6.2

used with policy, 9.6.1

privileges

COMPACCESS, 3.5.1, 3.5.2.3

FULL, 3.5.1, 3.5.2.2, 3.5.2.4

Oracle Label Security, 3.5.1

PROFILE_ACCESS, 3.5.1, 3.5.2.4

program units, 3.5.6

READ, 3.5.1, 3.5.2.1

row label, 3.5.3

trusted stored program units, 11.3.5

WRITEACROSS, 3.5.1, 3.5.3, 3.5.3.3

WRITEDOWN, 3.5.1, 3.5.3, 3.5.3.2, 3.5.6

WRITEUP, 3.5.1, 3.5.3, 3.5.3.1

PRIVS function, 5.6.6.2

procedures, overloaded, 7.5.1

PROFILE_ACCESS privilege, 3.5.1, 3.5.2.4

propagated, C.1

R

RAC, C.1

read access

algorithm, 3.4.2, 3.5.2.2

introduction, 3.4.1.1

read label, 3.3.2

READ privilege, 3.5.1, 3.5.2.1

READ_CONTROL option

algorithm, 3.4.2

and CHECK_CONTROL, 9.1.3.3

and child rows, 9.3.3

definition, 9.1.1, 9.1.1

referential integrity, 9.4.4

with other options, 9.1.6

with predicates, 9.6.1

READ_ONLY function, 8.2.4, 8.2.5, 8.2.8, 8.2.9

READ_WRITE function, 8.2.4, 8.2.5, 8.2.8, 8.2.9

reading down, 3.4.2

referential integrity, 9.3.3, 9.4.4, 9.5

releasability, 15.2

remote users, 13.2

REMOVE_SCHEMA_POLICY procedure, 10.3, 10.5.3

REMOVE_TABLE_POLICY procedure, 10.3, 10.4.2

REPADMIN account, 13.6.1.1, 13.6.3.1, 13.6.3.2

replication

materialized views (snapshots), 13.6.1.1, 13.6.3.2, 13.6.4

with Oracle Label Security, 13.6, 13.6.1.2

RESTORE_DEFAULT_LABELS procedure, 5.6.1, 5.6.4

restrictions, Oracle Label Security, E.2

row label

default, 5.6.3

row labels

changing compartments, 8.2.4

default, 3.3.1.2, 3.3.1.3, 3.3.2, 5.6.1, 11.4.3.2, C.2

example, 3.2.3

in distributed environment, 13.3

inserting, 5.5.1

LABEL_DEFAULT option, 5.5, 9.1.3.1

privileges, 3.5.3

restoring, 5.6.4

saving defaults, 5.6.5

setting, 5.6.3, 11.4.3.2

setting compartments, 8.2.2

setting groups, 8.2.3

setting levels, 8.2.1

understanding, 3.2.2

updating, 3.5.3

viewing, 11.4.1.2

ROW_LABEL function, 5.6.6.2

S

SA_COMPONENTS package, 7.5

SA_POLICY_ADMIN, 10

SA_POLICY_ADMIN package, 10

SA_SESSION functions

defined, 5.6.1

viewing security attributes, 5.6.6.2

SA_SYSDBA package, 7.4

SA_USER_ADMIN package

administering stored program units, 11.2

overview, 8.1

SA_USER_NAME function, 5.6.6.2, 8.6

SA_UTL package

dominance functions, A.1.3.5

overview, 11.4

SAVE_DEFAULT_LABELS procedure, 5.6.1, 5.6.5

schemas

applying policies to, 7.1.4, 7.4.5, 9.1.6

default policy options, 7.4.4

restrictions on shared, E.2.5

security

introduction, 1.1

standards, 1.1.1

security evaluations

EAL4, 1.1.1

security policies

introduction, 1.1.2

VPD, 1.3.3

session labels

changing, 5.6.2

computed, 3.3.2

distributed database, 13.3

example, 3.2.3

OCI interface, A.2

restoring, 5.6.4

SA_UTL.SET_LABEL, 11.4.3.1

saving defaults, 5.6.5

setting compartments, 8.2.2

setting groups, 8.2.3

setting levels, 8.2.1

understanding, 3.2.1

viewing, 11.4.1.1

SET_ACCESS_PROFILE function, E.2.5

SET_ACCESS_PROFILE procedure, 8.5, 8.6

SET_COMPARTMENTS procedure, 8.2.2

SET_DEFAULT_LABEL function, 8.3.2

inverse groups, 15.7.1

SET_DEFAULT_LABEL procedure

inverse groups, 15.8.7

SET_GROUPS procedure, 8.2.3

inverse groups, 15.8.5

SET_LABEL function

and RESTORE_DEFAULT_LABELS, 5.6.4

definition, 5.6.1, 5.6.6.2, 5.6.6.2

inverse groups, 15.7.2

on remote database, 13.3

SA_UTL.SET_LABEL, 11.4.3.1

using, 5.6.2

SET_LABEL procedure

inverse groups, 15.8.11

SET_LEVELS procedure, 8.2.1

SET_PROG_PRIVS function, 11.2, 11.2, 11.2

SET_ROW_LABEL function

inverse groups, 15.7.1, 15.7.2

SET_ROW_LABEL procedure, 5.6.1, 5.6.3, 8.3.3, 11.4.3.2, 15.7.2.1, 15.7.2.2

inverse groups, 15.8.8, 15.8.12

SET_USER_LABELS procedure, 8.3.1

inverse groups, 15.8.6

SET_USER_PRIVS function, 8.4

shared schema restrictions, E.2.5

SQL*Loader, 14.3

STRICTLY_DOMINATED_BY function, A.1.3, A.1.3.4, A.1.3.8

STRICTLY_DOMINATES function, A.1.3, A.1.3.2, A.1.3.6

SYS account

policy enforcement, 9.1.7

SYS_CONTEXT

and labeling functions, 9.2.2

variables, A.2

SYSDBA privilege, 12.2

system privileges, 1.1.3.3, 3.5.4, 3.5.5, 3.5.6

T

tasks, overview, 7.1

TO_DATA_LABEL function, 5.5.5, 7.1.3, 7.6.1

TO_LBAC_DATA_LABEL function, 9.2.2

triggers, 9.2.2

trusted stored program units

creating, 11.3.1

error handling, 11.3.5

example, 11.1.2

executing, 11.3.5

introduction, 11.1

privileges, 3.5.6, 11.3.5

re-compiling, 11.3.3

replacing, 11.3.4

U

UPDATE_CONTROL option, 9.1.1, 9.1.1, 9.4.2

updating labeled data, 9.4

user authorizations

compartments, 3.3.1.2

groups, 3.3.1.3

levels, 3.3.1.1

understanding, 3.3

USER_SA_SESSION view, 5.6.6.1

V

views

access mediation, 3.5.5

ALL_SA_AUDIT_OPTIONS, E.1.2.1

ALL_SA_COMPARTMENTS, E.1.2.2

ALL_SA_GROUPS, E.1.2.4

ALL_SA_LABELS, E.1.2.3, E.1.2.5

ALL_SA_LEVELS, E.1.2.6

ALL_SA_POLICIES, E.1.2.7

ALL_SA_PROG_PRIVS, E.1.2.8

ALL_SA_SCHEMA_POLICIES, E.1.2.9

ALL_SA_TABLE_POLICIES, E.1.2.10

ALL_SA_USER_LABELS, E.1.2.12

ALL_SA_USER_LEVELS, E.1.2.13

ALL_SA_USER_PRIVS, E.1.2.14

ALL_SA_USERS, E.1.2.11

auditing, E.1.3

DBA_policyname_AUDIT_TRAIL, E.1.3

DBA_SA_AUDIT_OPTIONS, 12.3.4, E.1.2.15, E.1.3

DBA_SA_COMPARTMENTS, E.1.2.16

DBA_SA_DATA_LABELS, E.1.2.17

DBA_SA_GROUP_HIERARCHY, E.1.2.19

DBA_SA_GROUPS, E.1.2.18

DBA_SA_LABELS, E.1.2.20

DBA_SA_LEVELS, E.1.2.21

DBA_SA_POLICIES, E.1.2.22

DBA_SA_PROG_PRIVS, E.1.2.23

DBA_SA_SCHEMA_POLICIES, 9.1.8, E.1.2.24

DBA_SA_TABLE_POLICIES, 9.1.8, E.1.2.25

DBA_SA_USER_COMPARTMENTS, E.1.2.27

DBA_SA_USER_GROUPS, E.1.2.28

DBA_SA_USER_LABELS, E.1.2.29

DBA_SA_USER_LEVELS, E.1.2.30

DBA_SA_USER_PRIVS, E.1.2.31

DBA_SA_USERS, E.1.2.26

USER_SA_SESSION, 5.6.6.1

virtual private database (VPD)

policies, 1.3.2

W

write access

algorithm, 3.4.3, 3.5.2.2

introduction, 3.4.1

write label, 3.3.2

WRITE_CONTROL option

algorithm, 3.4.3

definition, 9.1.1, 9.1.1

introduction, 9.1.4.2

LABEL_UPDATE, 9.1.4.2

with INSERT, UPDATE, DELETE, 9.1.4.2

with other options, 9.1.6

WRITEACROSS privilege, 3.5.1, 3.5.3, 3.5.3.3, 9.1.1, 9.1.3.2, 9.4.2

WRITEDOWN privilege, 3.5.1, 3.5.3, 3.5.3.2, 3.5.6, 9.1.1, 9.1.3.2, 9.4.2

WRITEUP privilege, 3.5.1, 3.5.3, 3.5.3.1