ORA-12406: unauthorized SQL statement for policy

Question

I am receiving the following error:

ORA-12406: unauthorized SQL statement for policy

I am executing a stored procedure that executes the following two Oracle Label Security stored procedures:

1. SA_COMPONENTS.CREATE_GROUP

2. SA_LABEL_ADMIN.CREATE_LABEL

In the same transaction, but not the same procedure, I am trying to insert into a table using the newly created label. This is when the error occurs. I Googled the error, but the description doesn't help me. I do not know what privilege or authorization I would have to give to make this work. If I split the stored procedure and the insert statement into two separate transactions, it works fine. I am looking for an explanation as to what is going on here.

ORA-12406: unauthorized SQL statement for policy string Cause: The policy did not authorize the database session to perform the requested SQL statement. Action: Grant the user or program unit the necessary policy privilege or additional authorizations....

Answer 1

From your description and testing it appears that the SA_COMPONENTS and SA_LABEL_ADMIN packages are participating in the transaction (i.e. they insert or update information in system tables that are part of the Label Security architecture but do not commit) and this information needs to be committed prior the application table insert.