SECLABEL_TO_CHAR Function
The SECLABEL_TO_CHAR function returns a security label in the security label string format.
The security credentials of the user executing this function can affect the output of the function. An element of a security label component is not included in the output if the user does not have read access to that element. A user has read access to an element if the security credentials of the user provide read access to data that is protected by a security label containing only that element and no other elements.
For the rule set IDSLBACRULES, only components of type TREE can contain elements to which a user does not have read access to a subset of elements. For other types of component, if any element blocks read access, then the user cannot read the row at all. Thus, only security components of type TREE can have a subset of security component elements excluded in this way.
For example, if the TREE type component of the security label of a user is {A} and the TREE type component of a row security label is {A, B}, then only component A is returned, and the user is not aware that B existed in the row security label. If the user holds an exemption on the IDSLBACREADTREE rule, however, the returned security components are both A and B.
SELECT SECLABEL_TO_CHAR ('MegaCorp’, C1) FROM T1;
Row returned:
'Director:(HR,Finance)'
The success of this query implies that the SECLABEL_TO_CHAR function succeeded, and that the security credentials of the user were sufficient, according to the IDSLBACREAD rules of the MegaCorp security policy, for the database server to allow read access to the values of the security policy name and of the security label components."
The security label string is limited to a maximum size of 32 kilobytes. If the length of the security label string to be returned exceeds this upper limit, a warning is issued, and a truncated 32 kilobyte string is returned.