Monday, January 28, 2013

Install/Deinstall Oracle Lable Secuirty

Oracle provide you with amazing tools to secure your data, and make sure no one will access to it. One of this amazing tools is Oracle label security (OLS) allows access control down to individual rows based on attached labels. Similar functionality can be reproduced using Fine Grained Access Control (FGAC) but OLS provides an out-of-the-box solution to row-level security. In this article I'll present a simple example of the configuration of OLS.

To understand OLS you could read oracle documentation about it, OLS has two parts One binary which installed through Oracle Universal Installer (OUI) and to know if you have been install it you can check log in information to sqlplus  banner
Oracle Label Security  ....

All this in the 11g become more easier since you can install all features while you choose enterprise edition and use chopt to enable and disable :
chopt enable lbac
chopt disable lbac
 talking about second part which can be installed via PL/SQL packages,all this can be installed thru catols.sql
and you can use this way in 10g or 11g, and to de-install the OLS you can use the catnools.sql. but just as information oracle recommend that to install OLS you need to use DBCA.

if you decide to goes thru manual way its better to read MOS notes since you need to apply some patches to complete the installation.

sqlplus / as sysdba
SQL> @?/rdbms/admin/catols.sql

sqlplus / as sysdba
SQL> @?/rdbms/admin/catnools.sql

Just as note : If you install OLS while installation AUD$ table dropped from SYS schema and recreated on SYSTEM to be --> SYSTEM.AUD$

And Once you remove OLS its recreated again on SYS.AUD$

Thank you
Osama Mustafa


  1. The post is written in very a good manner and it entails many useful information for me. I am happy to find your distinguished way of writing the post. Now you make it easy for me to understand and implement the concept. Thank you for the post.

    Oracle Security

  2. Thanks very much for sharing this interesting post. I am just starting up my own blog and this has given me inspiration to what I can achieve.
    Essay Writing || Buy Essays || Cheap Essays

  3. Hi,

    How do you apply the chopt utility when you have one Oracle_Home and multiple database instances (SID's) intalled?


  4. hi osama mustafa

    i need your help very urgently if you can

    i impleneted oracle standby database on 11g every thing is working fine but
    whenever i am connecting it through toad or user authentication it is giving error

    ORA-12432: LBAC error zllesisinit:OCIstmtExecute

    please help me

  5. You need to disable LBAC option using the below command :
    cd $ORACLE_HOME/rdbms/lib
    make -f lbac_off ioracle

  6. Thnx Osama

    i done it several times but error was still persisting
    after doing that i just change my OS and Oracle software into 64 bit from 32 bit by reinstalling the OS and
    Oracle and then use the same files of database and place the parameter and password files on 64 bit oracle
    and standby database opens in read only mode

    thnx osama for your reply