You must log into the database as Pat before proceeding with this page.
Read and/or write access on 'dailysales' table can be restricted with DB2 roles. However roles do not provide row or column level data access control. To restrict access to regional sales data in 'dailysales' table to only business need-to-know people, J.K.Avro superstore decides to implement row level LBAC.SECADM of J.K.Avro superstore sets up LBAC policies in such a way that only managers and employees of respective regions can access their own regional data. They cannot access sales data of other regions. On the other hand, the vice president Mark needs to analyze sales data of all regions. Therefore he is granted access to sales data of all the regions.
A security policy describes the criteria that will be used to decide who has read or write access to individual rows and individual columns of a table. A security policy defines the structure of a security label and also access rules, referred as DB2LBACRULES. These rules are predefined in DB2, there are read access rules and write access rules.
A security label is a database object that describes a certain set of security criteria. Security labels are applied to data in order to protect the data. They are granted to users to allow them to access protected data.
The query results in the right pane show that the security policies are created successfully.
These security policies set the LBAC rules and restrict access to rows of 'dailysales' table only to business need-to-know people.