Row-level and column-level access control

You can use row-level and column-level access control to restrict access to certain types of information that require additional security.

Row-level and column-level access controls can help you to protect sensitive information and comply with government regulations for security and privacy. These access controls work with explicit privileges and administrative authorities. If you use row-level or column-level access control, view level access control is unnecessary.

Db2 restricts access to columns and rows based upon individual user permissions. When Db2 is in new function mode, the SECADMIN authority manages the privacy and security policies that are associated with individual tables. The SECADMIN authority also grants and revokes access privileges to specific rows and columns. Row-level and column-level access control affects all users and database administrators.

Row-level and column-level access control provides the following advantages:

• Integration within the database system
• Database level security
• SQL enforced security that does not require other products to monitor access
• Access that is managed by the Db2 security administrator
• Multiple access levels based on users, groups, or roles
• Row-level and column-level access control with filtering and data masking
• No requirement to filter sensitive data at the application level