The engmgr role

For this example, insert values into the projstatus database by using the engmgr role. By default, the insert command uses the security label of the inserter. Also _sec_label does not automatically expand from the asterisk, you must specifically request it.
MLSSAMPLE.SCH(DBA)=> \c mlssample engmgr emem
You are now connected to database mlssample as user engmgr.
MLSSAMPLE.SCH(ENGMGR)=> INSERT INTO projstatus VALUES (1, 'Secret 
Project', 105);
INSERT 0 1
MLSSAMPLE.SCH(ENGMGR)=> SELECT *, _SEC_LABEL FROM projstatus;
 ID |      NAME      | METRIC |      _SEC_LABEL
----+----------------+--------+----------------------
  1 | Secret Project |    105 | SECRET:RED,GREEN:ENG
(1 row)
The next example explicitly enters a label, which is allowed because the engmgr has Label Expand permission, which allows insertion of a label less restrictive than their own
MLSSAMPLE.SCH(ENGMGR)=> INSERT INTO projstatus(id,name,metric,_SEC_LABEL) 
VALUES (2, 'Project Red', 113) 'confidential:red:eng');
INSERT 0 1
The next example explicitly enters a label that sw1 can see.
MLSSAMPLE.SCH(ENGMGR)=> INSERT INTO projstatus(id,name,metric,_SEC_LABEL) 
VALUES (3, 'Project Green', 113) 'confidential:green:eng');
INSERT 0 1
The next example fails because sw is a subset of eng, making it a more restrictive label. This would be allowed if engmgr had Label Restrict permission.
MLSSAMPLE.SCH(ENGMGR)=> INSERT INTO projstatus(id,name,metric,_SEC_LABEL) 
VALUES (4, 'Manhattan', 102) 'secret:red:sw');
ERROR:  Security Label : Permission denied.
The next example fails because the category name does not exist.
MLSSAMPLE.SCH(ENGMGR)=> INSERT INTO projstatus(id,name,metric,_SEC_LABEL) 
VALUES (4, 'General', 164) 'confidential:eng');
ERROR:  Security Label : Category name does not exist.
Use select to see the results.
MLSSAMPLE.SCH(ENGMGR)=> SELECT *, _SEC_LABEL FROM projstatus; 
 ID |      NAME      | METRIC |       _SEC_LABEL
----+----------------+--------+------------------------
  3 | Project Green  |    113 | CONFIDENTIAL:GREEN:ENG
  1 | Secret Project |    105 | SECRET:RED,GREEN:ENG
  2 | Project Red    |    113 | CONFIDENTIAL:RED:ENG
(3 rows)