LBAC security label components overview
A security label component is a database object that is part of label-based access control (LBAC). You use security label components to model your organization's security structure.
- How well trusted the user is
- What department the user is in
- Whether the user is involved in a particular project
An element of a security label component is one particular "setting" that is allowed for that component.
Creating a security label component
You must be a security administrator to create a security label component. You create security label components with the SQL statement CREATE SECURITY LABEL COMPONENT.
- A name for the component
- What type of component it is (ARRAY, TREE, or SET)
- A complete list of allowed elements
- For types ARRAY and TREE you must describe how each element fits into the structure of the component
After creating your security label components, you can create a security policy based on these components. From this security policy, you can create security labels to protect your data.
Types of components
- TREE: Each element represents a node in a tree structure
- ARRAY: Each element represents a point on a linear scale
- SET: Each element represents one member of a set
The details of each type, including detailed descriptions of the relationships that the elements can have with each other, are described in their own section.
Altering security label components
The security administrator can use the ALTER SECURITY LABEL COMPONENT statement to modify a security label component.
Dropping a security label component
You must be a security administrator to drop a security label component. You drop a security label component with the SQL statement DROP.