Is there anyway to implement and/or manage OLS from within OWB? I am
currently running 9iR2? If it's not supported in 9iR2 is it supported
in 10g?

Thanks!

Marc

Marc A. Lefebvre US-775 wrote:
Is there anyway to implement and/or manage OLS from within OWB? I am currently running 9iR2? If it's not supported in 9iR2 is it supported in 10g?

Please explain in a bit more detail what you are trying to accomplish.

In the most general terms, RLS provides a predicate that can be 'appended'
to a where clause against a table. As a special case it matches a userid
to a selectable condition that can be found in a table, for example, user
'XYZ' can look at rows marked 'SECRET'

One way of 'managing' RLS is simply by ensuring apropriate rows have
appropriate 'stamps' - IF that is the type of policy you are using. In
that case, OWB could easily set up the individual rows properly.

Much more complex security policies are possible as the predicate that is
added to the query or DML statement is generated by PL/SQL procedure.
Basic Row Level Security, aka Virtual Private Database, as been around
since 8i. I believe in 9i Oracle added a canned implementation as an
option (called Label Security - which you reference) to simplify the admin
and eliminate the programming. But that should not preclude using the
inherent capability as described in Chapter 9 of the

Oracle9i Security Overview
Release 2 (9.2)
Part Number A96582-01

found at http://docs.oracle.com - Oracle9iR2 section or more directly at
http://www.oracle.com/pls/db92/db92.homepage

While looking at the docs, you might also want to check the "Label Security
Administrator's Guide".

/Hans
By the way - cross posting is not necessary (or appreciated) in the
comp.database.oracle heirarchy.

In article <5ef1a86c.0409211749.55d004cb@posting.google.com>, Marc A.
Lefebvre US-775 <lefebvre@iwavesolutions.com> writesIs there anyway to implement and/or manage OLS from within OWB? I amcurrently running 9iR2? If it's not supported in 9iR2 is it supportedin 10g?
Hi Marc,

I don't know specifically if you can manage label security in OWB but
you might be interested in a two part paper i wrote about row level
security that is available from my web site
http://www.petefinnigan.com/orasec.htm also on the same page there are
links to a 4 part paper on implementing Label security written by Jim
Czuprynski which is an excellent discussion on its use and
implementation.

hth

kind regards

Pete
--
Pete Finnigan (email:pete@petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

Hans Forbrich <news.hans@telus.net> wrote in message news:<U474d.67350$KU5.11476@edtnps89>... Marc A. Lefebvre US-775 wrote: Is there anyway to implement and/or manage OLS from within OWB? I am currently running 9iR2? If it's not supported in 9iR2 is it supported in 10g? Please explain in a bit more detail what you are trying to accomplish.

Well, I have a datawarehouse that I currently manage with OWB. And
through this datawarehouse, I ETL data into a datamart that has a Star
Schema. There is currently no Oracle Lable Security on the datamart
and I have been asked to implement this. so, I am wondering if it can
be accomplished through Oracle Warehouse Builder, or do I have to
create scripts outside of the tool to setup and manage OLS.

Specifically, I need to enable OLS on the datamart so that the
predicate WILL be appended on each query. I need to create the
security groups and levels and the table that this will reside in. I
need to configure OLS so that it will check the table for the access
levels. I also need to modify the tables so that they will have the
security fields.

I hope this helps in understanding what I am asking. Sorry about the
crosspost, I usually do that if I am not sure which group the inquery
belongs.

Regards,

Marc

Marc A. Lefebvre US-775 wrote:
Hans Forbrich <news.hans@telus.net> wrote in message news:<U474d.67350$KU5.11476@edtnps89>... Marc A. Lefebvre US-775 wrote: Is there anyway to implement and/or manage OLS from within OWB? I am currently running 9iR2? If it's not supported in 9iR2 is it supported in 10g? Please explain in a bit more detail what you are trying to accomplish. Well, I have a datawarehouse that I currently manage with OWB. And through this datawarehouse, I ETL data into a datamart that has a Star Schema. There is currently no Oracle Lable Security on the datamart and I have been asked to implement this. so, I am wondering if it can be accomplished through Oracle Warehouse Builder, or do I have to create scripts outside of the tool to setup and manage OLS. Specifically, I need to enable OLS on the datamart so that the predicate WILL be appended on each query. I need to create the security groups and levels and the table that this will reside in. I need to configure OLS so that it will check the table for the access levels. I also need to modify the tables so that they will have the security fields. I hope this helps in understanding what I am asking. Sorry about the crosspost, I usually do that if I am not sure which group the inquery belongs. Regards, Marc


The OLS and the OWB/ETL capabilities are totaly independant of each other.
That said, OLS generally creates a predicate that uses a simple column
lookup and OWB can be used to fill that column.

The magic behind OLS is that the policies do not have to be written - that's
discussed in the documentation I mentioned as well as the papers Pete
Finnigan mentioned.

So first step will be to enable OLS (see the docco), followed by using OWB
to transform and data fill to meet the policies.

HTH
/Hans