Using the TRUNCATE statement with multilevel security

When a user with a valid security label uses a TRUNCATE statement to delete all data from a table with row-level security enabled, Db2 compares the security label of the user to the security label of each row.

About this task

The delete proceeds according to the following rules:

  • If the security label of the user and the security label of the row are equivalent, the row is deleted.
  • If the security label of the user dominates the security label of the row, the user's write-down privilege determines the result of the DELETE statement:
    • If the user has write-down privilege or write-down control is not enabled, the row is deleted.
    • If the user does not have write-down privilege and write-down control is enabled, the row is not deleted.
  • If the security label of the row dominates the security label of the user, the row is not deleted.
  • If the row cannot be deleted as a result of the security label verification, the TRUNCATE statement fails.
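
The following added example (not Db2 code and not part of the original documentation) models the rules above so that you can see which rows would cause a TRUNCATE to fail. It assumes a label is a numeric level plus a set of categories, and that one label dominates another when its level is at least as high and its categories are a superset; the names `Label`, `row_deletable`, `truncate_check`, and the sample rows are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """Constructed model of a security label (assumption: level + categories)."""
    level: int
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and self.categories >= other.categories


def row_deletable(user: Label, row: Label,
                  has_write_down: bool, write_down_control: bool) -> bool:
    """Apply the per-row rules listed above."""
    if user.dominates(row) and row.dominates(user):
        return True                      # labels are equivalent
    if user.dominates(row):
        # Write-down case: allowed with the privilege, or when control is off.
        return has_write_down or not write_down_control
    # Row dominates user: not deleted. Disjoint labels are not covered by the
    # page; this model conservatively treats them as not deletable (assumption).
    return False


def truncate_check(user: Label, rows: dict,
                   has_write_down: bool, write_down_control: bool):
    """Return (succeeds, blocking_row_ids). One blocked row fails the statement."""
    blocking = [rid for rid, label in rows.items()
                if not row_deletable(user, label, has_write_down, write_down_control)]
    return (not blocking, blocking)


# Constructed sample data.
USER = Label(2, frozenset({"FIN"}))
ROWS = {
    "r1": Label(2, frozenset({"FIN"})),  # equivalent to the user's label
    "r2": Label(1, frozenset()),         # dominated by the user's label
}
ROWS_WITH_HIGHER = {**ROWS, "r3": Label(3, frozenset({"FIN"}))}  # dominates user

if __name__ == "__main__":
    print(truncate_check(USER, ROWS, False, True))
    print(truncate_check(USER, ROWS, True, True))
    print(truncate_check(USER, ROWS_WITH_HIGHER, True, True))
```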