Oracle LBAC_CACHE
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose Undocumented Label Security support utilities.
AUTHID DEFINER
Dependencies
ALL_SA_AUDIT_OPTIONS DBA_LBAC_TABLE_POLICIES LBAC_POLICY_ADMIN_INT
ALL_SA_COMPARTMENTS DBA_SA_AUDIT_OPTIONS LBAC_SERVICES
ALL_SA_DATA_LABELS DBA_SA_DATA_LABELS LBAC_SESSION
ALL_SA_GROUPS DBA_SA_POLICIES LBAC_STANDARD
ALL_SA_GROUP_HIERARCHY DBA_SA_SCHEMA_POLICIES LBAC_SYSDBA
ALL_SA_LABELS DBA_SA_TABLE_POLICIES LBAC_UTL
ALL_SA_LEVELS DBA_SA_USERS OID_ENABLED
ALL_SA_POLICIES DBA_SA_USER_LABELS OLS$DATAPUMP
ALL_SA_PROGRAMS DBA_SA_USER_PRIVS ORA_GET_AUDITED_LABEL
ALL_SA_PROG_PRIVS DBMS_ASSERT PRIVS_TO_CHAR
ALL_SA_SCHEMA_POLICIES DBMS_SESSION PRIVS_TO_CHAR_N
ALL_SA_TABLE_POLICIES DBMS_UTILITY SA$POL
ALL_SA_USERS LBAC$CACHE_LIBT SA_AUDIT_ADMIN
ALL_SA_USER_COMPARTMENTS LBAC$SA SA_COMPONENTS
ALL_SA_USER_GROUPS LBAC$SA_LABELS SA_LABEL_ADMIN
ALL_SA_USER_LABELS LBAC_CACHE SA_SESSION
ALL_SA_USER_LEVELS LBAC_EVENTS SA_USER_ADMIN_INT
ALL_SA_USER_PRIVS LBAC_EXP SA_UTL
DBA_LBAC_POLICIES LBAC_LGSTNDBY_UTIL TO_LABEL_LIST
DBA_LBAC_SCHEMA_POLICIES    
Documented Not in the docs but there is limited information at support.oracle.com
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available Not known
Security Model Owned by LBACSYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
BYPASSALL GET_UNIQUE_ID OPTION_STRING
BYPASSREAD INVERSE_GROUP OPTION_STRING_IMP
CACHE_TAGS IS_FAILOVER PACKAGE
CACHE_TAGS_INV IS_OID_CONFIGURED POLICYEXISTS
CANONICALIZE_IDENTIFIER IS_OLS_ENABLED POLICY_NAME
CHECK_POLICYADMIN IS_OP_ALLOWED_LOGICAL POL_NUMBER
CHECK_POLICYROLE IS_RAC_ENABLED SET_ALTER_ALLOW
COLUMN_NAME MAX_SES_POLICY_ID STORE_DEFAULT_OPTIONS
FAILEDSTARTUP OPTION_NUMBER UPDATE_PROPS_TABLE
 
BYPASSALL
Undocumented lbac_cache.bypassAll(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
BYPASSREAD
Undocumented lbac_cache.bypassRead(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CACHE_TAGS
Undocumented lbac_cache.cache_tags(refresh IN BOOLEAN);
exec lbacsys.lbac_cache.cache_tags(TRUE);

PL/SQL procedure successfully completed.
 
CACHE_TAGS_INV
Undocumented lbac_cache.cache_tags_inv(polid IN BINARY_INTEGER);
TBD
 
CANONICALIZE_IDENTIFIER
Undocumented lbac_cache.canonicalize_identifier(
name      IN  VARCHAR2,
parameter IN  VARCHAR2,
result    OUT VARCHAR2);
TBD
 
CHECK_POLICYADMIN
Undocumented lbac_cache.check_policyAdmin(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CHECK_POLICYROLE
Undocumented lbac_cache.check_policyRole(
policy_name  IN VARCHAR2,
audit_action IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD
 
COLUMN_NAME
Undocumented lbac_cache.column_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
FAILEDSTARTUP
Undocumented lbac_cache.failedStartup(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
GET_UNIQUE_ID
Undocumented lbac_cache.get_unique_id RETURN VARCHAR2;
SELECT lbac_cache.get_unique_id;

SELECT NVL(lbacsys.lbac_cache.get_unique_id, 'Problem!') AS UID;
 
INVERSE_GROUP
Undocumented lbac_cache.inverse_group(pol_number IN BINARY_INTEGER) RETURN BOOLEAN;
TBD
 
IS_FAILOVER
Clearly "FAILOVER" is not just a reference to RAC though it may well be RAC related lbac_cache.is_failover RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_failover THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-12458: Oracle Label Security not enabled
 
IS_OID_CONFIGURED
Returns TRUE if Oracle Identity Management is configured, else FALSE lbac_cache.is_oid_configured RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_oid_configured THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OLS_ENABLED
Returns TRUE if Oracle Label Security is configured, else FALSE lbac_cache.is_ols_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_ols_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OP_ALLOWED_LOGICAL
Undocumented lbac_cache.is_op_allowed_logical;
exec lbacsys.lbac_cache.is_op_allowed_logical;

PL/SQL procedure successfully completed.
 
IS_RAC_ENABLED
Undocumented lbac_cache.is_rac_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_rac_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-12458: Oracle Label Security not enabled
 
MAX_SES_POLICY_ID
Undocumented lbac_cache.max_ses_policy_id RETURN BINARY_INTEGER;
SELECT lbacsys.lbac_cache.max_ses_policy_id;
*
ORA-12458: Oracle Label Security not enabled
 
OPTION_NUMBER
Undocumented lbac_cache.option_number(options IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
OPTION_STRING
Undocumented lbac_cache.option_string(options IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in catolsddv.sql

CREATE OR REPLACE VIEW lbacsys.dba_lbac_policies
(policy_name, column_name, package, status, policy_options, policy_subscribed) AS
SELECT pol_name, column_name, package,
       DECODE(BITAND(flags,1),0,'DISABLED',1,'ENABLED','ERROR'),
       lbacsys.lbac_cache.option_string(options),
       DECODE(BITAND(flags,16),0,'FALSE',16,'TRUE','ERROR')
FROM lbacsys.ols$pol;
 
OPTION_STRING_IMP
Undocumented lbac_cache.option_string_imp(options IN BINARY_INTEGER) RETURN VARCHAR2;
TBD
 
PACKAGE
Undocumented lbac_cache.package(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
POLICYEXISTS
Undocumented lbac_cache.policyExists(policy_name IN VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.policyExists('ZZYZX') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-12458: Oracle Label Security not enabled
 
POLICY_NAME
Returns the policy name corresponding to a policy identifier lbac_cache.policy_name(policy_id IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in database catolsddv.sql

CREATE OR REPLACE VIEW LBACSYS.all_sa_levels AS
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsysS.sa$pol p, lbacsys.ols$levels l
WHERE p.pol# = l.pol#
AND p.pol# IN (
  SELECT pol#
  FROM lbacsys.sa$admin
  WHERE usr_name = SYS_CONTEXT('USERENV', 'CURRENT_USER'))
UNION
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsys.sa$pol p, lbacsys.ols$levels l, lbacsys.ols$user_levels ul
WHERE p.pol# = l.pol#
AND l.pol# = ul.pol#
AND l.level# <= ul.max_level
AND ul.usr_name =
    lbacsys.sa_session.sa_user_name(lbacsys.lbac_cache.policy_name(ul.pol#));
 
POL_NUMBER
Returns the policy identifier corresponding to a policy name lbac_cache.pol_number(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
SET_ALTER_ALLOW
Undocumented lbac_cache.set_alter_allow(allow IN NUMBER);
TBD
 
STORE_DEFAULT_OPTIONS
Undocumented lbac_cache.store_default_options(
policy_name     IN VARCHAR2,
default_options IN BINARY_INTEGER);
TBD
 
UPDATE_PROPS_TABLE
Undocumented lbac_cache.update_props_table(
ols_oid IN BINARY_INTEGER,
remove  IN BOOLEAN);
exec lbacsys.lbac_cache.update_props_table(0, TRUE);

PL/SQL procedure successfully completed.

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_RLS
LBAC_STANDARD
LBAC_SYSDBA
SA_SESSION
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved