Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "The patch set is out"] [Next entry: "Don Burleson: Oracle fraud alert"]

Nice four part paper on label security by Jim Czuprynski

I was looking for some information on Oracle Label security (OLS) for a client to read and of course remembered th multi-part paper written by Jim Czuprynski on this subject. I had found links to the first three parts - some parts were multi-pages and had therefore multiple links - some time ago and had added them to my Oracle security white papers section some time ago. I found that I had not added the final and fourth part even though I have read it previously so this morning I have updated the white papers page to include this fourth and final part.

This set of papers is excellent and probably the best resource on the internet about how to design, implement, test, use and maintain Oracle Label Security. Jim has done a masterful job of covering the subject. The paper goes through a complete example implementation and use and testing so that you can install and try the code for yourself.

The final part even covers how to modify and remove OLS as well as how to enable the additional auditing features necessary to track changes to the Oracle Label Security policies. Links to all 4 parts can be found on my white papers section. The papers were published on

This is Jim's synopsis included in the final part:

"Synopsis. Oracle Label Security (OLS) offers a powerful implementation of row-based security that is perfect for restricting user access to specific data, especially in a data mart or data warehousing environment. Previous articles presented a brief overview of how these features work, and how these features can be implemented in any Oracle database. This concluding article wraps up this series with discussion of some advanced OLS features as well as mechanisms for maintaining an existing OLS security policy."

There has been 1 Comment posted on this article