Using Oracle Label Security with Oracle E-Business Suite

Most security administrators know how to use E-Business Suite responsibilities to manage access to data and functionality.  The majority of EBS customers will never need anything beyond those standard capabilities. Some organisations may need specialised security to complement the EBS responsibility model. Oracle Label Security may appropriate for certain specialised requirements.

Oracle Label Security example diagram

Oracle Label Security allows administrators to classify every row in a table, ensuring that access to sensitive data is restricted to users with the appropriate clearance level. OLS can be used to enforce regulatory compliance with a policy-based administration model to support custom data classification schemes for implementing “need to know” access. Labels can be used as factors within Oracle Database Vault command rules for multi-factor authorization polices.

Supported but not certified

It is possible to use Oracle Label Security with the E-Business Suite.  Custom OLS policies will -- by design -- change the end-user behavior of EBS.  It is possible for an OLS policy to break EBS, so we can't offer the standard technology certification in this case.   What is certified is "the approach" of using OLS to implement custom security policies over EBS relational data.  We do not certify specific versions of OLS, nor do we certify specific OLS policies.

From a support perspective, we treat OLS policies like any other EBS customization, namely:

  • We can only issue EBS patches for issues that can be reproduced in environments without custom OLS policies.
  • If you report an issue that can't be reproduced in vanilla, uncustomized environments, our default guidance will be to disable the custom OLS policies.
  • We cannot review your OLS policies or make recommendations on how to create custom OLS policies.

How do I define OLS policies in EBS environments?

This rather-elderly Note explains techniques for adding OLS policy initialization logic to EBS session initialization.  Although this Note is written specifically for Oracle9i Label Security and EBS 11i, the techniques documented here remain valid today to later database and EBS releases:

Related Articles


Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today