Oracle Label Security Part 1: Intro

Oracle Label Security is an Oracle Database feature that provides row level security on records within your tables. It’s a way to centralise your data security in a single source – the Oracle Database. Basically it works by allowing you to create labels that are applied to records in your table. When a user queries for data in the database their access to the labels will be checked and only records that match will be returned. The beauty of this is that the user label checking is invisible to the user, it’s all done by the database. For instance the query ‘SELECT * FROM documents’ (assumming documents has a label policy applied) will return different results depending on the permissions of the user. Contrast this to the traditional approach where we would need to add a WHERE clause, eg: SELECT * FROM documents WHERE label=’Secret’;

You might be asking, so what? Adding a WHERE clause isn’t that hard and that’s exactly the point. Adding a WHERE clause is pretty easy, but so is not adding one. If I can get access to your database then I can just ‘SELECT * FROM documents’ and get every document in your system, regardless of permission. But with Label Security, even if I manage to bypass your application, I won’t be able to get any documents beyond those that I have permission for. This is especially important in a post-Snowden world, where we no longer trust our database admins (sorry guys!). With Label Security we can ensure that our DBAs and application developers can still have access to the underlying tables (for maintenance, development etc), but they won’t actually see any data (technically we’d also need to employ Database Vault to ensure that our DBAs don’t just modify the policy or add themselves to it, but that’s a post for another day).

Continue reading