You must log into the database as Pat before proceeding with this page.
Read and/or write access to the 'credit_card' table can be restricted using DB2 roles. However, roles do not provide row-level or column-level data access control. To prevent some users from accessing all columns of the 'credit_card' table and to give access only to people with a business need to know, J.K.Avro superstore decides to implement column-level LBAC.
The SECADM of J.K.Avro superstore sets up column-level LBAC policies in such a way that only managers have full access to the credit card information and customer service employees only have write access.
A security policy describes the criteria that will be used to decide who has read or write access to individual rows and individual columns of a table. A security policy defines the structure of a security label and also the access rules, referred to as DB2LBACRULES. These rules are predefined in DB2; there are read access rules and write access rules.
A security label is a database object that describes a certain set of security criteria. Security labels are applied to data in order to protect the data. They are granted to users to allow them to access protected data.
The query results in the right pane show that the security policies are created successfully. These security policies set the LBAC rules and restrict access to columns of the 'credit_card' table only to people with a business need to know.
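The column-level setup described above could be expressed as follows. This is an added example, not the tutorial's own script: the component, policy, label, column and user names are hypothetical, and only the `credit_card` table and `DB2LBACRULES` come from the page.

```sql
-- Added example. Hypothetical names: cc_sensitivity, cc_policy, card_data,
-- card_number, expiry_date, mgr_user, csr_user.
-- Run the CREATE and GRANT statements as a user holding SECADM.

-- 1. Component: the building block of the label structure.
CREATE SECURITY LABEL COMPONENT cc_sensitivity
  SET {'CARDDATA'};

-- 2. Policy: ties the component to the predefined DB2LBACRULES rule set.
CREATE SECURITY POLICY cc_policy
  COMPONENTS cc_sensitivity
  WITH DB2LBACRULES;

-- 3. Label: the object that is attached to columns and granted to users.
CREATE SECURITY LABEL cc_policy.card_data
  COMPONENT cc_sensitivity 'CARDDATA';

-- 4. Managers get the label for both read and write access.
GRANT SECURITY LABEL cc_policy.card_data
  TO USER mgr_user FOR ALL ACCESS;

-- 5. Customer service gets the label for write access only, so it holds
--    no read credential for the protected columns.
GRANT SECURITY LABEL cc_policy.card_data
  TO USER csr_user FOR WRITE ACCESS;

-- 6. Attach the policy to the table, then protect the sensitive columns.
--    The user running the ALTER COLUMN statements must hold the label
--    for write access (or an exemption).
ALTER TABLE credit_card ADD SECURITY POLICY cc_policy;
ALTER TABLE credit_card ALTER COLUMN card_number SECURED WITH card_data;
ALTER TABLE credit_card ALTER COLUMN expiry_date SECURED WITH card_data;

-- 7. Check which columns are now protected and by which label.
SELECT colname, seclabelname
  FROM syscat.columns
 WHERE tabname = 'CREDIT_CARD'
   AND seclabelname IS NOT NULL;
```

With these grants, `csr_user` can insert or update the protected columns, but any statement of theirs that reads those columns is rejected. Users holding no label at all can still query the unprotected columns of `credit_card` as long as they name them explicitly instead of using `SELECT *`.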
The SECADM of J.K.Avro superstore sets up LBAC policies in such a way that managers and employees of each region can access only their own regional data. They cannot access the sales data of other regions. On the other hand, the vice president, Mark, needs to analyze the sales data of all regions. Therefore, he is granted access to the sales data of all the regions.