Business Problem



Data security is becoming one of the biggest challenges in the industry today. Data access needs to be protected at the system level, the database level, and the database object level. Protection at the system and database levels can be achieved through authentication and authorization. However, the data in the database tables needs to be protected as well. Not all employees of an organization need access to all table data. Users should be granted access only to the data they need.

The J.K.Avro superstore is looking for a solution that gives greater control over access to table data.



Operation



To comply with the PCI security standard requirement "Restrict access to cardholder data by business need-to-know", the J.K.Avro superstore decides to implement row-level label-based access control (LBAC) on the 'dailysales' table, which holds sales data for different regions.

Solution



To restrict data access by region, the superstore implements row-level LBAC on the 'dailysales' table.

LBAC is a security feature introduced in DB2 9. It provides content-based authorization using security labels. LBAC controls read and write access of users to individual rows and columns at table level. Data that is protected by a security label is called protected data.
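As an added illustration (not the tutorial's own script), the following DB2 SQL sketches row-level LBAC on a 'dailysales' table partitioned by region. The column layout, the component, policy and label names, and the users east_mgr, west_mgr and hq_audit are assumptions made for this example.

```sql
-- Added example with constructed names.
-- Security objects and label grants need SECADM authority.
-- One set component whose elements are the sales regions.
CREATE SECURITY LABEL COMPONENT region_comp
  SET {'EAST', 'WEST'};

-- Policy built on that component. RESTRICT makes a write fail when the user
-- supplies a row label they do not hold for write access (the default,
-- OVERRIDE, would silently substitute the user's own write label).
CREATE SECURITY POLICY sales_policy
  COMPONENTS region_comp
  WITH DB2LBACRULES
  RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- One label per region, plus a label covering both for head office.
CREATE SECURITY LABEL sales_policy.east COMPONENT region_comp 'EAST';
CREATE SECURITY LABEL sales_policy.west COMPONENT region_comp 'WEST';
CREATE SECURITY LABEL sales_policy.all_regions
  COMPONENT region_comp 'EAST', 'WEST';

-- Row-level protection: attach the policy and add a DB2SECURITYLABEL column.
CREATE TABLE dailysales (
  sale_date  DATE          NOT NULL,
  region     VARCHAR(10)   NOT NULL,
  amount     DECIMAL(12,2) NOT NULL,
  row_label  DB2SECURITYLABEL
) SECURITY POLICY sales_policy;

-- Labels do not replace table privileges; both are required.
GRANT SELECT, INSERT ON TABLE dailysales TO USER east_mgr, USER west_mgr;
GRANT SELECT ON TABLE dailysales TO USER hq_audit;
GRANT SECURITY LABEL sales_policy.east TO USER east_mgr FOR ALL ACCESS;
GRANT SECURITY LABEL sales_policy.west TO USER west_mgr FOR ALL ACCESS;
GRANT SECURITY LABEL sales_policy.all_regions TO USER hq_audit FOR READ ACCESS;

-- As east_mgr: the row is stored with the EAST label.
INSERT INTO dailysales VALUES
  (CURRENT DATE, 'EAST', 1250.00, SECLABEL_BY_NAME('SALES_POLICY', 'EAST'));

-- Same query, different result per user: east_mgr and hq_audit see the row,
-- west_mgr gets an empty result (no error), because rows whose label the
-- user cannot read are filtered out.
SELECT sale_date, region, amount,
       VARCHAR(SECLABEL_TO_CHAR('SALES_POLICY', row_label), 30) AS label
FROM dailysales;
```

Because unreadable rows are filtered silently rather than rejected, verify the policy by running the final query under each user ID and comparing row counts.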

The following security features are demonstrated in this tutorial to address the above problem:

