Row and column access control (RCAC)

Row and column access control (RCAC) provides a data-centric alternative for achieving data security.

RCAC places access control at the table level around the data itself. SQL rules that are created on rows and columns are the basis of the implementation of this capability.

RCAC terms

  • Base table - The table (physical file) the permission or mask is added to.
  • Dependent object - Any object (file, schema, function, or other object) the permission or mask references.
  • QIBM_DB_SECADM - The function usage identifier that the user must be authorized to in order to perform all actions that are related to permissions and masks.
  • Row and Column Access Control (RCAC) - The ability to control access to data by using permissions and masks.
  • Permission - A row permission defines a row access control rule for rows of a table.
  • Mask - A column mask defines a column access control rule for a specific column in a table.
  • RULETEXT - The expression to be used by the permission or mask.
  • 5770-SS1 IBM Advanced Data Security for i (Option 47) - Product that needs to be ordered and installed to be able to:
    • create row permissions.
    • create column masks.
    • execute database access over objects that have active RCAC.
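
The terms above, shown together as an added example that is not part of the original page: a row permission and a column mask on one base table, then activation and a review of the stored rule text. The schema HR_SCHEMA, the table EMPLOYEES and its columns, and the group profiles HR and MANAGER are hypothetical names chosen for illustration.

```sql
-- Added example. HR_SCHEMA.EMPLOYEES, its columns, and the group profiles
-- HR and MANAGER are hypothetical and do not come from the original page.
-- Assumes the creating user is authorized to function usage ID
-- QIBM_DB_SECADM and that 5770-SS1 Option 47 is installed.

-- Base table: the physical file the permission and mask are added to.
CREATE TABLE HR_SCHEMA.EMPLOYEES (
    EMPNO      CHAR(6)     NOT NULL PRIMARY KEY,
    NAME       VARCHAR(50) NOT NULL,
    MANAGER_ID VARCHAR(10) NOT NULL,   -- user profile of the row's manager
    TAX_ID     CHAR(11)    NOT NULL    -- stored as nnn-nn-nnnn
);

-- Row permission: HR members see every row, managers see only the rows
-- they manage. Users matching neither branch get no rows back.
CREATE PERMISSION HR_SCHEMA.EMPLOYEES_ROWS ON HR_SCHEMA.EMPLOYEES
    FOR ROWS WHERE
        VERIFY_GROUP_FOR_USER(SESSION_USER, 'HR') = 1
        OR (VERIFY_GROUP_FOR_USER(SESSION_USER, 'MANAGER') = 1
            AND MANAGER_ID = SESSION_USER)
    ENFORCED FOR ALL ACCESS
    ENABLE;

-- Column mask: HR members see the full TAX_ID, everyone else sees only
-- the last four digits. The row still comes back; only the value changes.
CREATE MASK HR_SCHEMA.EMPLOYEES_TAX_ID ON HR_SCHEMA.EMPLOYEES
    FOR COLUMN TAX_ID RETURN
        CASE
            WHEN VERIFY_GROUP_FOR_USER(SESSION_USER, 'HR') = 1
                THEN TAX_ID
            ELSE 'XXX-XX-' CONCAT SUBSTR(TAX_ID, 8, 4)
        END
    ENABLE;

-- An enabled permission or mask has no effect until access control is
-- activated on the base table.
ALTER TABLE HR_SCHEMA.EMPLOYEES
    ACTIVATE ROW ACCESS CONTROL
    ACTIVATE COLUMN ACCESS CONTROL;

-- Review: list the controls on the table and the RULETEXT each one uses.
-- CONTROL_TYPE is 'R' for a row permission and 'M' for a column mask.
SELECT CONTROL_TYPE, COLUMN_NAME, ENABLE, RULETEXT
  FROM QSYS2.SYSCONTROLS
 WHERE TABLE_SCHEMA = 'HR_SCHEMA'
   AND TABLE_NAME   = 'EMPLOYEES';
```

Once row access control is active, rows are returned only when an enabled permission allows them, so activating it before the intended permissions exist blocks all row access to the table.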