Changes in This Release for Oracle Label Security Administrator's Guide

New for this release is the standalone OLS_LABEL_DOMINATES function, which replaces the SA_UTL.DOMINATES function.

See "OLS_LABEL_DOMINATES Standalone Function" for more information.

The following standalone function is deprecated in this release, and may be desupported in a future release:

SA_UTL.DOMINATES, using the following syntax:

FUNCTION DOMINATES (
  ols_policy_name  IN VARCHAR2,
  label            IN VARCHAR2) 
RETURN BOOLEAN

The SA_UTL.DOMINATES function that uses the NUMBER datatype is not deprecated.

Oracle Label Security has specific requirements for upgrades and downgrades from or to Oracle Database 12c Release 1 (12.1).

See "Oracle Label Security Upgrades and Downgrades" for more information.

Oracle Database Release 12.1 introduces the Oracle Multitenant option, which enables you to plug one or more pluggable databases (PDBs) into a multitenant container database (CDB).

You can use Oracle Label Security with a CDB. Each PDB has its own Label Security metadata, such as policies, labels, and user authorizations. In addition, the objects within the LBACSYS schema are automatically available to any child PDB. LBACSYS schema is a common user schema.

See "Oracle Label Security Integration in a Multitenant Environment" for more information.

Oracle Label Security is installed by default in Oracle Database 12c Release 1 (12.1), making the installation process simpler. You do not need to perform an advanced installation and select the Oracle Label Security check box.

See "When You Must Disable Oracle Label Security" for more information.

Oracle Database 12c Release 1 (12.1) uses a unified audit trail to capture information from various audit sources, including Oracle Label Security. OLS auditing is configured using audit policies. OLS auditing in 12c Release 1 (12.1) enables you to audit additional events such as enabling and disabling OLS policies.

If you have upgraded your database to 12c Release 1 (12.1), but have not configured it to use unified auditing, then you must use pre-12c OLS auditing.

See Auditing Under Oracle Label Security for more information.

Starting with Oracle Database 12c Release 1 (12.1), Oracle Label Security metadata in the LBACSYS schema can be included when doing a full database export and import operation. The source database can be Oracle Database 11g Release 2 (11.2.0.3), or higher, but the target database must be Oracle Database 12c Release 1 (12.1) or higher.

See Performing DBA Functions Under Oracle Label Security for more information.