Set up Row Level LBAC
You must log into the database as Pat before proceeding with this page.
In previous pages, SECADM Pat created security labels. Now, the security labels need to be granted to users accordingly so that they can access their own regional 'dailysales' table data.
Operation
SECADM grants security labels to users with the GRANT SECURITY LABEL command.
Solution
The query results in the right pane show that SECADM Pat grants:
- Security label 'NORTH' is granted to Betcy
, employee of customer service department.
- Security label 'SOUTH' is granted to Bob
, employee of customer service department.
- Security label 'EAST' is granted to Sam
, employee of customer service department.
- Security label 'WEST' is granted to Nick
, employee of customer service department.
- Security label 'CENTRAL' is granted to Joe
, general manager for NORTH and SOUTH regions.
- Security label 'COASTAL' is granted to Sue
, general manager for EAST and WEST regions.
- Security label 'SALES_ORGANIZATION' is granted to the Mark
, Vice President of J.K.Avro superstore.
When a user tries to access 'dailysales' table data, DB2 compares the user's security label with the row's security label. Access will be given to the user only if the security labels match. Otherwise an empty result set will be returned.