General Information
Purpose
Use this package to manage the user name, levels, labels, and read and write permissions for the current session.
AUTHID
DEFINER
Dependencies
ALL_SA_COMPARTMENTS
ALL_SA_USER_PRIVS
OLS$POL
ALL_SA_GROUPS
DBMS_MACOLS
OLS$SESSINFO
ALL_SA_GROUP_HIERARCHY
DBMS_MACOLS_SESSION
OLS$SESSION_LIBT
ALL_SA_LEVELS
DBMS_STANDARD
OLS$USER_LEVELS
ALL_SA_USERS
LBAC_CACHE
SA_UTL
ALL_SA_USER_COMPARTMENTS
LBAC_LGSTNDBY_UTIL
USER_SA_SESSION
ALL_SA_USER_GROUPS
LBAC_STANDARD
V_$INSTANCE
ALL_SA_USER_LABELS
OLS$LAB
V_$OPTION
ALL_SA_USER_LEVELS
Documented
Yes: In Label Security Administration doc
First Available
10.1
Security Model
Owned by LBACSYS with EXECUTE granted to PUBLIC and DVSYS.
Source
{ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
COMP_READ
Returns a comma-delimited list of compartments that the user is authorized to read
sa_session.comp_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;
SELECT sa_session.comp_read ('DATA_ACCESS');
COMP_WRITE
Returns a comma-delimited list of compartments to which the user is authorized to write
sa_session.comp_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;
SELECT sa_session.comp_write ('DATA_ACCESS');
GROUP_READ
Returns a comma-delimited list of groups that the user is authorized to read
sa_session.group_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_read ('DATA_ACCESS');
GROUP_WRITE
Returns a comma-delimited list of groups that the user is authorized to write
sa_session.group_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_write ('DATA_ACCESS');
LABEL
Returns the label associated with the specified policy for the current session
sa_session.label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.label ('DATA_ACCESS');
MAX_LEVEL
Returns the session's maximum authorized level
sa_session.max_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_level ('DATA_ACCESS');
MAX_READ_LABEL
Returns the label string that was used to initialize the session's maximum authorized read label composed of the maximum level, compartments and groups authorized for read access
sa_session.max_read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_read_label ('DATA_ACCESS');
MAX_WRITE_LABEL
Returns the label string that was used to initialize the session's maximum authorized write label composed of the maximum level, compartments and groups authorized for write access
sa_session.max_write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_write_label ('DATA_ACCESS');
MIN_LEVEL
Returns the session's minimum authorized level
sa_session.min_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.min_level ('DATA_ACCESS');
PRIVS
Returns the current session's privileges as a comma-delimited list
sa_session.privs(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.privs ('DATA_ACCESS');
READ_LABEL
Undocumented
sa_session.read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.read_label ('DATA_ACCESS');
RESTORE_DEFAULT_LABELS
Restores session and row labels to match the values stored in the data dictionary by SA_SESSION.SET_LABEL
sa_session.restore_default_labels(policy_name IN VARCHAR2);
exec sa_session.restore_default_labels ('DATA_ACCESS');
ROW_LABEL
Returns the name of the row label that is associated with the policy for the current session
sa_session.row_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.row_label ('DATA_ACCESS');
SAVE_DEFAULT_LABELS
Stores the current session label and row label as the session's initial session label and default row label.
Permits changing defaults to reflect the current session label and row label. Saved labels are used as the initial default settings for future sessions.
sa_session.save_default_labels(policy_name IN VARCHAR2);
exec sa_session.save_default_labels ('DATA_ACCESS');
SA_USER_NAME
Returns the name of the OLS user as set by SET_ACCESS_PROFILE or as established at login.
sa_session.sa_user_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.sa_user_name ('DATA_ACCESS');
SET_ACCESS_PROFILE
Sets session OLS authorizations and privileges to those of the specified user.
The session executing SET_ACCESS_PROFILE procedure must have the PROFILE_ACCESS privilege.
sa_session.set_access_profile(
policy_name IN VARCHAR2,
user_name IN VARCHAR2);
exec sa_session.set_access_profile ('DATA_ACCESS', sys_context('USERENV', 'EXTERNAL_NAME'));
exec sa_session.set_access_profile ('DATA_ACCESS', sys_context('USERENV', 'PROXY_USER'));
exec sa_session.set_access_profile ('DATA_ACCESS', sys_context('USERENV', 'CLIENT_IDENTIFIER'));
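A guarded form of the CLIENT_IDENTIFIER call above, as an added example that is not part of the original page or of Oracle's code: it checks for PROFILE_ACCESS first, switches the profile, then confirms the result with SA_USER_NAME before any labeled data is read. Assumptions: the privilege appears in the PRIVS list under the name PROFILE_ACCESS, OLS user names are compared case-insensitively, and the -2000x error numbers are arbitrary.

```sql
-- Added example, not from the original page. DATA_ACCESS is the page's sample policy.
SET SERVEROUTPUT ON
DECLARE
  c_policy CONSTANT VARCHAR2(30) := 'DATA_ACCESS';
  -- Assumption: the middle tier propagated the end user in CLIENT_IDENTIFIER.
  l_target VARCHAR2(128) := SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');
  l_privs  VARCHAR2(4000);
  l_actual VARCHAR2(128);
BEGIN
  -- Fail closed when no end-user identity was propagated.
  IF l_target IS NULL THEN
    RAISE_APPLICATION_ERROR(-20001, 'CLIENT_IDENTIFIER is not set');
  END IF;

  -- PRIVS returns a comma-delimited list. Match a whole token, not a substring.
  -- Assumption: the privilege is listed under the name PROFILE_ACCESS.
  l_privs := ',' || REPLACE(UPPER(sa_session.privs(c_policy)), ' ') || ',';
  IF INSTR(l_privs, ',PROFILE_ACCESS,') = 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'Session lacks PROFILE_ACCESS on ' || c_policy);
  END IF;

  sa_session.set_access_profile(c_policy, l_target);

  -- Verify the switch before any labeled row is read. A NULL result must also
  -- fail, because NULL <> 'X' does not evaluate to TRUE in PL/SQL.
  l_actual := sa_session.sa_user_name(c_policy);
  IF l_actual IS NULL OR UPPER(l_actual) <> UPPER(l_target) THEN
    RAISE_APPLICATION_ERROR(-20003, 'OLS user mismatch after SET_ACCESS_PROFILE');
  END IF;

  -- Record the authorizations now in effect (those of the assumed profile).
  DBMS_OUTPUT.PUT_LINE('OLS user        : ' || l_actual);
  DBMS_OUTPUT.PUT_LINE('Session label   : ' || sa_session.label(c_policy));
  DBMS_OUTPUT.PUT_LINE('Row label       : ' || sa_session.row_label(c_policy));
  DBMS_OUTPUT.PUT_LINE('Max read label  : ' || sa_session.max_read_label(c_policy));
  DBMS_OUTPUT.PUT_LINE('Max write label : ' || sa_session.max_write_label(c_policy));
  DBMS_OUTPUT.PUT_LINE('Privileges      : ' || sa_session.privs(c_policy));
END;
/
```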
SET_LABEL
Sets the label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.set_label(
policy_name IN VARCHAR2,
label IN VARCHAR2);
exec sa_session.set_label ('DATA_ACCESS', 'C::IA::IS');
SET_ROW_LABEL
Sets the row label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.set_row_label(
policy_name IN VARCHAR2,
label IN VARCHAR2);
exec sa_session.set_row_label ('DATA_ACCESS', 'P::OP::AO');
WRITE_LABEL
Sets the write label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.write_label ('DATA_ACCESS');