Document-level security using DB2 9 pureXML and LBAC

How to create a native XML repository and protect XML documents with DB2's Label-based Access Control feature

Brian M. Williams, Certified IT Architect, EMC
Brian Williams is a certified IT Architect with IBM Software Services Federal. His focus is on information management technology in the United States Federal Government community with an emphasis on database technology and information integration in the US Department of Defense. Before joining IBM, Mr. Williams was a principal consultant with Sybase, Inc., and a computer scientist with the United States Department of Defense. You can e-mail him at bmwilli@us.ibm.com.

Summary:  DB2® 9 pureXML™ provides native XML storage and retrieval. In addition, DB2 9 provides a new security protection mechanism called Label-based Access Control (LBAC). Combining these two features can produce a native XML data store that can protect XML documents at the document level by labeling each document row with an LBAC security label and assigning users their appropriate access level.

Date:  13 Jul 2006
Level:  Intermediate

Before you start

About this tutorial

This tutorial will take you step-by-step through the implementation of document-level security using DB2 9. Document-level security is a data protection solution that is achieved by bringing together two of DB2's newest features:

  • Native XML storage: pureXML
  • Label-based Access Control

Combining these two features produces a native XML data store that is capable of protecting XML documents and controlling access to them on a document-by-document basis.
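The following SQL sketches how the two features combine. It is an added example, not taken from the tutorial's lessons; the component, policy, label, table, and user names (doclevel, docpolicy, docs, alice) are assumptions chosen for illustration.

```sql
-- Added illustration; every object and user name below is hypothetical.
-- The security objects (steps 1-3) and the label grant in step 5 require
-- SECADM authority, the new security administrator authority in DB2 9.

-- 1. One ordered component: earlier array elements rank higher.
CREATE SECURITY LABEL COMPONENT doclevel
  ARRAY ['TOPSECRET', 'SECRET', 'CONFIDENTIAL', 'UNCLASSIFIED'];

-- 2. The policy ties the component to DB2's built-in LBAC rule set and
--    rejects writes that supply a label the user is not authorized to write.
CREATE SECURITY POLICY docpolicy
  COMPONENTS doclevel
  WITH DB2LBACRULES
  RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- 3. Named labels that can be attached to rows and granted to users.
CREATE SECURITY LABEL docpolicy.topsecret COMPONENT doclevel 'TOPSECRET';
CREATE SECURITY LABEL docpolicy.secret    COMPONENT doclevel 'SECRET';

-- 4. One XML document per row; the DB2SECURITYLABEL column holds that
--    row's label, which is what makes the protection document-level.
CREATE TABLE docs (
  id       INTEGER NOT NULL PRIMARY KEY,
  doc      XML,
  doclabel DB2SECURITYLABEL
) SECURITY POLICY docpolicy;

-- 5. The user needs ordinary table privileges plus a security label.
GRANT SELECT, INSERT ON TABLE docs TO USER alice;
GRANT SECURITY LABEL docpolicy.secret TO USER alice FOR ALL ACCESS;

-- As alice: store a (constructed) document with an explicit row label.
INSERT INTO docs (id, doc, doclabel)
VALUES (1,
        XMLPARSE(DOCUMENT '<report><title>Constructed sample</title></report>'),
        SECLABEL_BY_NAME('DOCPOLICY', 'SECRET'));

-- As alice: rows labelled TOPSECRET are filtered out of the result set
-- rather than raising an error; rows at SECRET and below are returned.
SELECT id,
       SECLABEL_TO_CHAR('DOCPOLICY', doclabel) AS row_label,
       XMLQUERY('$d/report/title' PASSING doc AS "d") AS title
FROM docs;
```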


Objectives

The objective of this tutorial is to provide the basis of a solution for XML document-level security. The implementation in this tutorial is more focused on a federal government scenario; however, the solution can be tailored to any industry's needs. This tutorial is broken up into the following lessons:

  • Lesson 1: Use case and setup - Creates users, the LBAC policy, and the protected table containing XML.
  • Lesson 2: Stored procedure load - Creates a stored procedure to demonstrate the first of two methods for loading XML documents.
  • Lesson 3: XML decomposition load - Uses an annotated schema and decomposition to demonstrate the second method for loading XML documents.
  • Lesson 4: Query examples - Provides examples of querying the protected data using SQL/XML and XQuery.

In addition to providing a solution for document-level security, this tutorial provides examples of new concepts in DB2 9. These include:

  • The new security administrator authority
  • Creating an LBAC security policy
  • Creating tables with XML columns
  • Creating tables protected by an LBAC security policy
  • Using native XML data type as a parameter to stored procedures
  • Using XQuery to extract information from the XML parameters or variables
  • Inserting XML data with an LBAC security label
  • Using the new XML decomposition feature, including the <db2-xdb:expression> annotation

Prerequisites

This tutorial is written for DB2 database developers and DB2 database administrators. You should have a basic understanding of DB2's new pureXML and LBAC features. For links to other developerWorks articles introducing these features, please see the Resources section of this tutorial.


System requirements

DB2 9 for Linux®, UNIX®, and Windows® installed.
