Business Problem



Data security is becoming one of the biggest challenges in the industry today. Data access needs to be protected at the system level, the database level, and the database object level. Protection at the system and database levels can be achieved through authentication and authorization. However, the data in database tables needs to be protected as well. Not all employees of an organization need access to all table data; users should be granted access only to the data they need.

J.K.Avro superstore is looking for a solution that gives greater control over access to table data.



Operation



To comply with the PCI security standard requirement "Restrict access to cardholder data by business need-to-know", J.K.Avro superstore decides to implement label-based access control (LBAC) on the 'credit_card' table. The table holds sensitive information such as the card holder name, card number, and CCV number.

Solution



To restrict data access on a need-to-know basis, J.K.Avro superstore implements LBAC on the 'credit_card' table.

LBAC is a security feature introduced in DB2 9. It provides content-based authorization using security labels. LBAC lets you control users' read and write access to individual rows and columns at the table level. Data that is protected by a security label is called protected data.
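The sketch below shows how row and column protection fit together on a 'credit_card' table. It is an added example, not the tutorial's own code; the component, policy, label, user and column names are assumptions, and the card data is constructed.

```sql
-- Added example; every object and user name here is an assumption.
-- Steps 1-4 are run by a user holding SECADM authority.

-- 1. One component with two levels. In an ARRAY the first element ranks highest.
CREATE SECURITY LABEL COMPONENT card_level ARRAY ['CONFIDENTIAL', 'PUBLIC'];

-- 2. A policy built from that component, using the standard LBAC rule set.
CREATE SECURITY POLICY card_policy COMPONENTS card_level WITH DB2LBACRULES;

-- 3. One security label per level.
CREATE SECURITY LABEL card_policy.confidential COMPONENT card_level 'CONFIDENTIAL';
CREATE SECURITY LABEL card_policy.public       COMPONENT card_level 'PUBLIC';

-- 4. Labels are granted to users separately from table privileges.
GRANT SECURITY LABEL card_policy.confidential TO USER billing_clerk FOR ALL ACCESS;
GRANT SECURITY LABEL card_policy.public       TO USER store_clerk   FOR READ ACCESS;

-- 5. Run as billing_clerk (assumed able to create tables): protecting a column
--    requires credentials that allow writing under that column's label.
--    Column protection: SECURED WITH. Row protection: a DB2SECURITYLABEL column.
CREATE TABLE credit_card (
    card_holder_name VARCHAR(60) NOT NULL,
    card_number      CHAR(16)    NOT NULL COLUMN SECURED WITH confidential,
    ccv_number       CHAR(4)     NOT NULL COLUMN SECURED WITH confidential,
    row_label        DB2SECURITYLABEL
) SECURITY POLICY card_policy;

-- Constructed sample row, labelled CONFIDENTIAL at the row level.
INSERT INTO credit_card
VALUES ('A. Sample', '4000000000000000', '000',
        SECLABEL_BY_NAME('CARD_POLICY', 'CONFIDENTIAL'));

-- A table privilege is still required; LBAC is checked in addition to it.
GRANT SELECT ON credit_card TO USER store_clerk;

-- As store_clerk (label PUBLIC):
SELECT card_holder_name FROM credit_card;  -- runs, but the CONFIDENTIAL row is filtered out
SELECT card_number FROM credit_card;       -- fails: column label outranks the user's label

-- As billing_clerk (label CONFIDENTIAL):
SELECT card_holder_name, card_number FROM credit_card;  -- returns the row
```

The useful check here is that SELECT privilege alone does not expose protected data: the same query returns different results, or fails, depending on the security label the user holds.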

The following security features are demonstrated in this tutorial to address the above problem:

