
DB2 Label-Based Access Control, a practical guide, Part 1: Understand the basics of LBAC in DB2

A step-by-step guide to protect sensitive data

developerWorks

Level: Intermediate

Carmen K. Wong (ckmwong@ca.ibm.com), Software Developer, IBM
Stan Musker (smusker@ca.ibm.com), DB2 Information Developer, IBM

04 May 2006

Label-Based Access Control (LBAC) is a security feature introduced in the DB2® Viper release. With LBAC, administrators can control a user's read and write access at the table column and row level. This tutorial includes use-case scenarios that demonstrate how users can apply LBAC to protect their data from unauthorized access while still giving users restricted access to the data they are entitled to see. The tutorial provides a step-by-step guide to creating LBAC solutions based on those use-case scenarios.

Prerequisites

This tutorial is written for DB2 database developers and DB2 database administrators. You should understand the basic concepts of LBAC.


System requirements

DB2 Viper for Linux®, UNIX®, and Windows®



Duration

2 hours


Formats

html, pdf


Introduction

This tutorial provides a guide to using DB2's Label-Based Access Control (LBAC) security feature. LBAC controls access to table objects by attaching security labels to them. Users attempting to access an object must have its security label granted to them. When there's a match, access is permitted; without a match, access is denied. There are three types of security labels:

  • Row security labels. A security label associated with a data row or record in a database table.
  • Column security labels. A security label associated with a column in a database table.
  • User security labels. A security label granted to a database user.

A security label is composed of one or more security label components. There are three types of security label components that you can use to build your security labels:

  • Sets. A set is a collection of elements where the order in which those elements appear is not important. All elements are deemed equal.
  • Arrays. An array is an ordered set that can be used to represent a simple hierarchy. In an array, the order in which the elements appear is important. For example, the first element ranks higher than the second element and the second higher than the third.
  • Trees. A tree represents a more complex hierarchy that can have multiple nodes and branches. For example, trees can be used to represent organizational charts.

You use a security policy to define the security label components that make up a particular security label.

DB2 Security Administrator (SECADM) authority is required to manipulate LBAC objects. SECADM authority can only be granted by SYSADM. A database manager (DBM) does not have SECADM authority by default.
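The following DB2 SQL is an added worked example, not code from the tutorial: it builds one component of each type (set, array, tree), a security policy over them, a security label, a table protected at both the column and the row level, and a user grant. The component, policy, label, table and element names and the user alice are assumptions chosen for illustration.

```sql
-- Constructed example: all object names, element values and the user are assumed.
-- The component, policy, label and GRANT statements require SECADM authority.

-- ARRAY component: ordered, the first element ranks highest.
CREATE SECURITY LABEL COMPONENT level
  ARRAY ['TOP SECRET', 'SECRET', 'CONFIDENTIAL', 'UNCLASSIFIED'];

-- SET component: unordered; a reader must hold every element that
-- the row or column label carries.
CREATE SECURITY LABEL COMPONENT compartments
  SET {'FINANCE', 'HR', 'RESEARCH'};

-- TREE component: a node is dominated by each of its ancestors, so a
-- label holding 'AMERICAS' also covers 'CANADA'.
CREATE SECURITY LABEL COMPONENT region
  TREE ('WORLD' ROOT,
        'AMERICAS' UNDER 'WORLD',
        'CANADA'   UNDER 'AMERICAS',
        'EMEA'     UNDER 'WORLD');

-- The security policy fixes which components make up a label and which
-- rule set applies; RESTRICT ... rejects writes that would set a row
-- label the writer is not entitled to.
CREATE SECURITY POLICY data_access_policy
  COMPONENTS level, compartments, region
  WITH DB2LBACRULES
  RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- A security label under that policy, one value per component.
CREATE SECURITY LABEL data_access_policy.secret_finance_canada
  COMPONENT level 'SECRET',
  COMPONENT compartments 'FINANCE',
  COMPONENT region 'CANADA';

-- Protected table: a column security label on salary, and a
-- DB2SECURITYLABEL column holding each row's security label.
CREATE TABLE payroll (
  emp_id    INT NOT NULL,
  name      VARCHAR(40),
  salary    DECIMAL(10,2) COLUMN SECURED WITH secret_finance_canada,
  row_label DB2SECURITYLABEL
) SECURITY POLICY data_access_policy;

-- User security label: alice may read and write data carrying this label.
GRANT SECURITY LABEL data_access_policy.secret_finance_canada
  TO USER alice FOR ALL ACCESS;
```

When alice inserts a row without supplying row_label, DB2 stores her write label in that column; a user without a label under data_access_policy sees no rows and cannot read the salary column.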
