Oracle SA_AUDIT_ADMIN
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose This package configures auditing for labels and policies specific to Oracle Label Security and, in addition, creates an auditing-related view.
AUTHID DEFINER
Dependencies
DBMS_ASSERT LBAC_CACHE LBAC_UTL
DBMS_STANDARD LBAC_SERVICES OLS$POL
LBAC$USER_LIBT LBAC_STANDARD  
Documented Yes
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available 10.1
Security Model Owned by LBACSYS with no privileges granted.

To use this package a schema must be granted the policy_DBA role.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
AUDIT AUDIT_LABEL_ENABLED_SQL NOAUDIT
AUDIT_LABEL CREATE_VIEW NOAUDIT_LABEL
AUDIT_LABEL_ENABLED DROP_VIEW  
 
AUDIT
Enables policy-specific auditing. Audit records capture Oracle OLS administrative actions and the use of Oracle Label Security privileges
that were used during logons, DML executions, and trusted stored procedure invocations		 sa_audit_admin.audit(
policy_name  IN VARCHAR2,
users        IN VARCHAR2 DEFAULT NULL,
audit_option IN VARCHAR2 DEFAULT NULL,
audit_type   IN VARCHAR2 DEFAULT NULL,  -- options 'BY ACCESS' or 'BY SESSION'
success      IN VARCHAR2 DEFAULT NULL); -- options 'SUCCESSFUL' or 'NOT SUCCESSFUL'

Audit Options
Option Description
APPLY Audits application of specified Oracle Label Security policies to tables and schemas
PRIVILEGES Audits use of all policy-specific privileges
REMOVE Audits removal of specified Oracle Label Security policies from tables and schemas
SET Audits the setting of user authorizations, and user and program privileges
exec sa_audit_admin.audit('DATA_ACCESS');

PL/SQL procedure successfully completed.
 
AUDIT_LABEL
Records policy labels during auditing sa_audit_admin.audit_label(policy_name IN VARCHAR2);
exec sa_audit_admin.audit_label('DATA_ACCESS');
 
AUDIT_LABEL_ENABLED
Returns a flag indicating whether labels are being recorded in audit records for the policy sa_audit_admin.audit_label_enabled(policy_name IN VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF sa_audit_admin.audit_label_enabled('DATA_ACCESS') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-12458: Oracle Label Security not enabled

SELECT COUNT(*)
FROM ols_admin.ols_aud$;
 
AUDIT_LABEL_ENABLED_SQL
Undocumented but identical in function to AUDIT_LABEL_ENABLED, above, except that it returns an integer value and the function can be incorporated into SQL statements sa_audit_admin.audit_label_enabled_sql(policy_name IN VARCHAR2)
RETURN BINARY_INTEGER;
SELECT sa_audit_admin.audit_label_enabled_sql('DATA_ACCESS');
       *
ORA-12458: Oracle Label Security not enabled
 
CREATE_VIEW
Creates an audit trail view named DBA_policyname_AUDIT_TRAIL but the user can optionally specify a different name sa_audit_admin.create_view(
policy_name IN VARCHAR2,
view_name   IN VARCHAR2 DEFAULT NULL);
exec sa_audit_admin.create_view('DATA_ACCESS', 'OLS_AUD$_DAP');

PL/SQL procedure successfully completed.
 
DROP_VIEW
Drops the OLS auditing view sa_audit_admin.drop_view(
policy_name IN VARCHAR2,
view_name   IN VARCHAR2 DEFAULT NULL);
exec sa_audit_admin.drop_view('DATA_ACCESS', 'OLS_AUD$_DAP');

PL/SQL procedure successfully completed.
 
NOAUDIT
Disables Oracle Label Security policy specific auditing

A list of audit options is associated with the AUDIT procedure above		 sa_audit_admin.noaudit(
policy_name  IN VARCHAR2,
users        IN VARCHAR2 DEFAULT NULL,
audit_option IN VARCHAR2 DEFAULT NULL
exec sa_audit_admin.noaudit('DATA_ACCESS');

PL/SQL procedure successfully completed.
 
NOAUDIT_LABEL
Disables the auditing of policy labels sa_audit_admin.noaudit_label();
exec sa_audit_admin.noaudit_label('DATA_ACCESS');

PL/SQL procedure successfully completed.

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC$SA_LABELS
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_POLICY_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved