Set up Column Level LBAC



You must log into the database as Pat before proceeding with this page.

SECADM Pat has created the LBAC policies, he now needs to grant them to appropriate users so that specific columns of 'credit_card' table can only be accessed according to the policy.



Operation


SECADM Pat grants security labels to users and associates security labels to the columns of the 'credit_card' table. Using the GRANT SECURITY LABEL command, SECADM grants security labels to roles with READ and/or WRITE access.

Solution


The query results on the right pane show that Pat

Now the column level LBAC is defined on 'credit_card' table.

When a user tries to access 'credit_card' table data, DB2 compares the user's security label with the row's security label. Access will be given to the user only if the security labels match. Otherwise an empty result set will be returned.