Most security administrators know how to use E-Business Suite responsibilities to manage access to data and functionality. The majority of EBS customers will never need anything beyond those standard capabilities. Some organisations may need specialised security to complement the EBS responsibility model. Oracle Label Security may appropriate for certain specialised requirements.
Oracle Label Security allows administrators to classify every row in a table, ensuring that access to sensitive data is restricted to users with the appropriate clearance level. OLS can be used to enforce regulatory compliance with a policy-based administration model to support custom data classification schemes for implementing “need to know” access. Labels can be used as factors within Oracle Database Vault command rules for multi-factor authorization polices.
Supported but not certified
It is possible to use Oracle Label Security with the E-Business Suite. Custom OLS policies will -- by design -- change the end-user behavior of EBS. It is possible for an OLS policy to break EBS, so we can't offer the standard technology certification in this case. What is certified is "the approach" of using OLS to implement custom security policies over EBS relational data. We do not certify specific versions of OLS, nor do we certify specific OLS policies.
From a support perspective, we treat OLS policies like any other EBS customization, namely:
How do I define OLS policies in EBS environments?
This rather-elderly Note explains techniques for adding OLS policy initialization logic to EBS session initialization. Although this Note is written specifically for Oracle9i Label Security and EBS 11i, the techniques documented here remain valid today to later database and EBS releases: