The sw1 role
This example shows the use of the sw1 role, where the
row-secure table looks like an ordinary table.
MLSSAMPLE.SCH(ENGMGR)=> \c mlssample sw1 swsw
You are now connected to database mlssample as user sw1.
MLSSAMPLE.SCH(SW1)=> INSERT INTO projstatus VALUES (1, 'SW1 Project',
143);
INSERT 0 1
The following example fails because the user does
not have Label Access.
MLSSAMPLE.SCH(SW1)=> SELECT *, _SEC_LABEL FROM projstatus;
ERROR: query: permission denied.
MLSSAMPLE.SCH(SW1)=> SELECT * FROM projstatus;
ID | NAME | METRIC
----+-------------+--------
1 | SW1 Project | 143
(1 row)
The following examples work normally.
MLSSAMPLE.SCH(SW1)=> UPDATE projstatus SET METRIC = 145 WHERE NAME = 'SW1
Project';
UPDATE 1
MLSSAMPLE.SCH(SW1)=> DELETE projstatus WHERE NAME = 'SW1 Project';
DELETE 1
In the following example, the project cannot be
deleted, because it cannot be seen with the available permissions.
MLSSAMPLE.SCH(SW1)=> DELETE projstatus WHERE NAME = 'Project Red';
DELETE 0