CREATE SECURITY LABEL statement

The CREATE SECURITY LABEL statement defines a security label.

Invocation

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is in effect for the package (SQLSTATE 42509).

Authorization

The privileges held by the authorization ID of the statement must include SECADM authority.

Syntax

Read syntax diagramSkip visual syntax diagramCREATE SECURITY LABELsecurity-label-name ,COMPONENTcomponent-name,string-constant

Description

security-label-name
Names the security label. The name must be qualified with a security policy (SQLSTATE 42704), and must not identify an existing security label for this security policy (SQLSTATE 42710).
COMPONENT component-name
Specifies the name of a security label component. If the component is not part of the security policy security-policy-name, an error is returned (SQLSTATE 4274G). If a component is specified twice in the same statement, an error is returned (SQLSTATE 42713).
string-constant,...
Specifies a valid element for the security component. A valid element is one that was specified when the security component was created. If the element is invalid, an error is returned (SQLSTATE 4274F).

Examples

  • Example 1: Create a security label named EMPLOYEESECLABEL that is part of the DATA_ACCESS security policy, and that has the element Top Secret for the LEVEL component and the elements Research and Analysis for the COMPARTMENTS component. 
       CREATE SECURITY LABEL DATA_ACCESS.EMPLOYEESECLABEL  
     COMPONENT LEVEL 'Top Secret',
     COMPONENT COMPARTMENTS 'Research', 'Analysis'
  • Example 2: Create a security label named EMPLOYEESECLABELREAD that has the element Top Secret for the LEVEL component and the element Research for the COMPARTMENTS component. 
       CREATE SECURITY LABEL DATA_ACCESS.EMPLOYEESECLABELREAD  
     COMPONENT LEVEL 'Top Secret',
     COMPONENT COMPARTMENTS 'Research'
  • Example 3: Create a security label named EMPLOYEESECLABELWRITE that has the element Analysis for the COMPARTMENTS component and a null value for the LEVEL component. Assume that the security policy named DATA_ACCESS is the same security policy that is used in examples 1 and 2. 
       CREATE SECURITY LABEL DATA_ACCESS.EMPLOYEESECLABELWRITE  
     COMPONENT COMPARTMENTS 'Analysis'
  • Example 4: Create a security label named BEGINNER that is part of an existing CLASSPOLICY security policy, and that has the element Trainee for the TRUST component and the element Morning for the SECTIONS component. 
       CREATE SECURITY LABEL CLASSPOLICY.BEGINNER  
     COMPONENT TRUST 'Trainee',
     COMPONENT SECTIONS 'Morning'