ALTER SECURITY LEVEL
Use the ALTER SECURITY LEVEL command to change the name or value of a security level.
Synopsis
ALTER SECURITY LEVEL <level-name>
{ RENAME TO <new-level-name> | VALUE <level-number> }
Inputs
Input | Description |
---|---|
<level_name> | The identifier of an existing level name. |
<new-level-name> | An identifier to be the new name of the level. The name must be unique among security level names. Due to the total size limitation of the system security label field, use short level names. For compatibility with other vendors, do not use delimited identifiers, use only ASCII characters, and limit name length to 30 characters. |
<level_number> | A positive integer level value 1 - 32766. Higher levels are more secure; lower values are less secure. |
Outputs
Output | Description |
---|---|
ALTER SECURITY LEVEL | The message that the system returns if the command is successful. |
ERROR: permission denied. | You must have Manage Security privilege to alter a security level. |
ERROR: level number <number> already exists. | The specified level number exists. A level number can only have one name. |
ERROR: level number <number> is out of range. | The level number must be 1 - 32766. Level number 0 is predefined by the system as level PUBLIC. Level number 32767 is predefined by the system as level OMNI. Negative level numbers are not allowed. |
ERROR: object <new-level-name> already exists. | The new level name must be different from all other security level names. |
ERROR: object <level-name> not found. | The level name must exist. |
ERROR: label security in use. | You cannot change the value of a security level after there is user data that might reference that level. |
Description
The ALTER SECURITY LEVEL command either renames a security level or changes the value of the security level. You can rename a security level at any time. However, you can only change the value of the level if there are no ROW SECURITY tables defined in any database in the system.
Develop and review your label security configuration before you create any ROW SECURITY tables. After tables are defined, you can add levels to the system or rename levels, but you cannot change the value of or remove levels.
- Privileges required
- You must have Manage Security privilege to alter security levels.
- Common tasks
- Use the ALTER SECURITY LEVEL command to update the system catalog to add the new object, and update the security level name to value mapping.
Usage
ALTER SECURITY LEVEL SECRET { RENAME TO CONFIDENTIAL VALUE 22 };