CREATE SECURITY LABEL COMPONENT statement
The CREATE SECURITY LABEL COMPONENT statement defines a component that is to be used as part of a security policy.
Invocation
This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is in effect for the package (SQLSTATE 42509).
Authorization
The privileges held by the authorization ID of the statement must include SECADM authority.
Syntax
Description
- component-name
- Names the security label component. This is a one-part name. The name must not identify an existing security label component at the current server (SQLSTATE 42710).
- ARRAY
- Specifies an ordered set of elements.
- string-constant,...
- One or more string constant values that make up the set of valid values for this security label component. The order in which the array elements appear is important. The first element ranks higher than the second element. The second element ranks higher than the third element and so on.
- SET
- Specifies an unordered set of elements.
- string-constant,...
- One or more string constant values that make up the set of valid values for this security label component. The order of the elements is not important.
- TREE
- Specifies a tree structure of node elements.
- string-constant
- One or more string constant values that make up the set of valid values for this security label component.
- ROOT
- Specifies that the string-constant that follows the keyword is the root node element of the tree.
- UNDER
- Specifies that the string-constant before the UNDER keyword is a child of the string-constant that follows the UNDER keyword. An element must be defined as either being the root element or as being the child of another element before it can be used as a parent, otherwise an error (SQLSTATE 42704) is returned.
Rules
These rules apply to all three types of component (ARRAY, SET, and TREE):
- Element names cannot contain any of these characters:
- Opening parenthesis - (
- Closing parenthesis - )
- Comma - ,
- Colon - :
- An element name can have no more than 32 bytes (SQLSTATE 42622).
- If a security label component is a set or a tree, no more than 64 elements can be part of that component.
- A CREATE SECURITY LABEL COMPONENT statement can specify at most 65 535 elements for a security label component of type array.
- No element name can be used more than once in the same component (SQLSTATE 42713).
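The rules above, together with the UNDER ordering requirement from the Description, can be checked before a statement is submitted. The following is an added example, not part of the original documentation or of any Db2 tooling: the function name, the input shape, and the UTF-8 encoding used for byte counting are assumptions, and findings for rules where this page gives no SQLSTATE are reported with `None`.

```python
FORBIDDEN = set("(),:")          # characters not allowed in element names
MAX_NAME_BYTES = 32
MAX_ELEMENTS = {"ARRAY": 65535, "SET": 64, "TREE": 64}

def check_component(kind, elements, encoding="utf-8"):
    """Return a list of (sqlstate_or_None, message) findings.

    kind: 'ARRAY', 'SET' or 'TREE'.
    elements: list of names for ARRAY/SET; for TREE a list of
    (name, parent) tuples in statement order, parent None marking ROOT.
    encoding: assumption; the byte length depends on the database code page.
    """
    pairs = list(elements) if kind == "TREE" else [(n, None) for n in elements]
    findings = []
    if len(pairs) > MAX_ELEMENTS[kind]:
        findings.append((None, f"{kind} has {len(pairs)} elements, "
                               f"limit is {MAX_ELEMENTS[kind]}"))
    seen = set()                 # names defined so far (exact match, assumption)
    for name, parent in pairs:
        bad = sorted(FORBIDDEN & set(name))
        if bad:
            findings.append((None, f"{name!r} contains forbidden character(s) {bad}"))
        if len(name.encode(encoding)) > MAX_NAME_BYTES:
            findings.append(("42622", f"{name!r} is longer than 32 bytes"))
        if name in seen:
            findings.append(("42713", f"{name!r} is used more than once"))
        # A parent must already be defined as ROOT or as a child of another element.
        if kind == "TREE" and parent is not None and parent not in seen:
            findings.append(("42704", f"{name!r} is UNDER {parent!r}, "
                                      "which is not yet defined"))
        seen.add(name)
    return findings

# The GROUPS tree from Example 3 on this page.
GROUPS = [("PROJECT", None), ("TEST", "PROJECT"), ("DEVELOPMENT", "PROJECT"),
          ("CURRENT", "DEVELOPMENT"), ("FIELD", "DEVELOPMENT")]
# Constructed input: a child listed before its parent, plus a duplicate name.
BAD_TREE = [("PROJECT", None), ("CURRENT", "DEVELOPMENT"),
            ("DEVELOPMENT", "PROJECT"), ("DEVELOPMENT", "PROJECT")]

if __name__ == "__main__":
    for label, tree in (("GROUPS", GROUPS), ("BAD_TREE", BAD_TREE)):
        print(label, check_component("TREE", tree) or "OK")
```

Because the limit is expressed in bytes, a name with multi-byte characters can exceed it while being shorter than 32 characters.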
Examples
- Example 1: Create an ARRAY type security label component
named LEVEL. The component has the following four elements, listed
in order of decreasing rank: Top Secret, Secret, Classified, and Unclassified.
CREATE SECURITY LABEL COMPONENT LEVEL ARRAY ['Top Secret', 'Secret', 'Classified', 'Unclassified']
- Example 2: Create a SET type security label component named
COMPARTMENTS. The component has the following three elements: Research,
Analysis, and Collection.
CREATE SECURITY LABEL COMPONENT COMPARTMENTS SET {'Collection', 'Research', 'Analysis'}
- Example 3: Create a TREE type security label component
named GROUPS. GROUPS has five elements: PROJECT, TEST, DEVELOPMENT,
CURRENT, and FIELD. The following diagram shows the relationship of
these elements to one another:
          PROJECT
     ________|________
    |                 |
   TEST          DEVELOPMENT
                ______|______
               |             |
            CURRENT        FIELD

CREATE SECURITY LABEL COMPONENT GROUPS
  TREE (
    'PROJECT' ROOT,
    'TEST' UNDER 'PROJECT',
    'DEVELOPMENT' UNDER 'PROJECT',
    'CURRENT' UNDER 'DEVELOPMENT',
    'FIELD' UNDER 'DEVELOPMENT'
  )