Write-down control
Mandatory access checking prevents a user from declassifying information. It prevents a user from writing to an object unless the security label of the user is equivalent to or dominated by that of the object.
Db2 requires either the equivalence of the security labels or the write-down privilege of the user to write to Db2 objects.
Example: Suppose that user1 has a security label of HIGH and that row_x has a security label of MEDIUM. Because the security label of the user and the security label of the row are not equivalent, user1 cannot write to row_x. Therefore, write-down control prevents user1 from declassifying the information that is in row_x.
Example: Suppose that user2 has a security label of MEDIUM and that row_x has a security label of MEDIUM. Because the security label of the user and the security label of the row are equivalent, user2 can read from and write to row_x. However, user2 cannot change the security label for row_x unless user2 has write-down privilege. Therefore, write-down control prevents user2 from declassifying the information that is in row_x.
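The write rule and both examples above, expressed as a small decision model. This is an added illustration, not IBM or Db2 code. The `LEVELS` ordering, the `LOW` label, `user3`, and all function names are assumptions, and the model covers hierarchical levels only.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed hierarchy: the page names HIGH and MEDIUM; LOW is added for illustration.
LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class User:
    name: str
    seclabel: str
    write_down: bool = False  # True when the user holds write-down privilege


def dominates(a: str, b: str) -> bool:
    """Label a dominates label b when a is at or above b in the hierarchy."""
    return LEVELS[a] >= LEVELS[b]


def equivalent(a: str, b: str) -> bool:
    """Two labels are equivalent when each dominates the other."""
    return dominates(a, b) and dominates(b, a)


def check_write(user: User, row_label: str, new_label: Optional[str] = None):
    """Decide a write to a row; new_label is set when the write relabels the row."""
    same = equivalent(user.seclabel, row_label)
    if not same and not user.write_down:
        return False, "labels not equivalent, no write-down privilege"
    if not same and not dominates(user.seclabel, row_label):
        # Assumption (not stated on the page): write-down privilege only
        # helps when the user's label is above the row's label.
        return False, "row label is above the user's label"
    if new_label is not None and not equivalent(new_label, row_label) \
            and not user.write_down:
        return False, "relabelling the row needs write-down privilege"
    return True, "write permitted"


if __name__ == "__main__":
    cases = [  # constructed scenarios; the first three mirror the page's examples
        (User("user1", "HIGH"), "MEDIUM", None),
        (User("user2", "MEDIUM"), "MEDIUM", None),
        (User("user2", "MEDIUM"), "MEDIUM", "LOW"),
        (User("user3", "HIGH", write_down=True), "MEDIUM", "LOW"),
    ]
    for user, row, new in cases:
        print(user.name, row, new, check_write(user, row, new))
```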