Oracle LBAC_SYSDBA
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose Manages Oracle Label Security policies, such as creating, altering and or disabling.
AUTHID DEFINER
Dependencies
DBMS_ASSERT LBAC$USER_LIBT LBAC_UTL
DBMS_DATAPUMP LBAC_CACHE OLS$POL
DBMS_PRIV_CAPTURE LBAC_LGSTNDBY_UTIL OLS$POLT
DBMS_SQL LBAC_SERVICES OLS_UTIL_WRAPPER
DBMS_STANDARD LBAC_STANDARD SA_SYSDBA
Documented No
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available 10.1
Policy Enforcement Options
ALL_CONTROL LABEL_DEFAULT READ_CONTROL
CHECK_CONTROL LABEL_UPDATE UPDATE_CONTROL
DELETE_CONTROL NO_CONTROL WRITE_CONTROL
INSERT_CONTROL    
Security Model Owned by LBACSYS with no privileges granted.
-- sys must perform the following

GRANT inherit privileges ON USER sys TO lbacsys;
GRANT lbac_dba to SYS;
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
ALTER_POLICY DISABLE_POLICY ENABLE_POLICY
CREATE_POLICY DROP_POLICY  
 
ALTER_POLICY
Alter an OLS policy lbac_sysdba.alter_policy(
policy_name     IN VARCHAR2,
default_options IN VARCHAR2,
column_name     IN VARCHAR2,
username        IN VARCHAR2,
create_policy   IN BOOLEAN);
exec lbac_sysdba.alter_policy('DATA_ACCESS', 'READ_CONTROL, DELETE_CONTROL', 'ID_CTRL', 'UWCLASS', FALSE);
 
CREATE_POLICY
Creates a new Label Security policy, defining a package and a policy-specific column name lbac_sysdba.create_policy(
policy_name IN VARCHAR2,
package     IN VARCHAR2,
column_name IN VARCHAR2,
username    IN VARCHAR2);
TBD
 
DISABLE_POLICY
Disable an OLS policy lbac_sysdba.disable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.disable_policy('DATA_ACCESS');
 
DROP_POLICY
Drop an OLS policy lbac_sysdba.drop_policy(
policy_name IN VARCHAR2,
drop_column IN BOOLEAN,
username    IN VARCHAR2);
exec lbacsys.lbac_sysdba.drop_policy('DATA_ACCESS', TRUE, 'UWCLASS');
 
ENABLE_POLICY
Enable an OLS policy lbac_sysdba.enable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.enable_policy('DATA_ACCESS');

Related Topics
Built-in Functions
Built-in Packages
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved