DB2 Version 9.7 for Linux, UNIX, and Windows

CREATE SECURITY LABEL COMPONENT statement

The CREATE SECURITY LABEL COMPONENT statement defines a component that is to be used as part of a security policy.

Invocation

This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is in effect for the package (SQLSTATE 42509).

Authorization

The privileges held by the authorization ID of the statement must include SECADM authority.

Syntax

Read syntax diagramSkip visual syntax diagram
>>-CREATE SECURITY LABEL COMPONENT--component-name--+-| array-clause |-+-><
                                                    +-| set-clause |---+   
                                                    '-| tree-clause |--'   

array-clause

             .-,---------------.      
             V                 |      
|--ARRAY--[----string-constant-+--]-----------------------------|

set-clause

           .-,---------------.      
           V                 |      
|--SET--{----string-constant-+--}-------------------------------|

tree-clause

|--TREE--(--string-constant--ROOT--+------------------------------------------------+--)--|
                                   | .--------------------------------------------. |      
                                   | V                                            | |      
                                   '---,--string-constant--UNDER--string-constant-+-'      

Description

component-name
Names the security label component. This is a one-part name. The name must not identify an existing security label component at the current server (SQLSTATE 42710).
ARRAY
Specifies an ordered set of elements.
string-constant,...
One or more string constant values that make up the set of valid values for this security label component. The order in which the array elements appear is important. The first element ranks higher than the second element. The second element ranks higher than the third element and so on.
SET
Specifies an unordered set of elements.
string-constant,...
One or more string constant values that make up the set of valid values for this security label component. The order of the elements is not important.
TREE
Specifies a tree structure of node elements.
string-constant
One or more string constant values that make up the set of valid values for this security label component.
ROOT
Specifies that the string-constant that follows the keyword is the root node element of the tree.
UNDER
Specifies that the string-constant before the UNDER keyword is a child of the string-constant that follows the UNDER keyword. An element must be defined as either being the root element or as being the child of another element before it can be used as a parent, otherwise an error (SQLSTATE 42704) is returned.

Rules

These rules apply to all three types of component (ARRAY, SET, and TREE):

Examples

Example 1: Create an ARRAY type security label component named LEVEL. The component has the following four elements, listed in order of decreasing rank: Top Secret, Secret, Classified, and Unclassified.
   CREATE SECURITY LABEL COMPONENT LEVEL
     ARRAY ['Top Secret', 'Secret', 'Classified', 'Unclassified']
Example 2: Create a SET type security label component named COMPARTMENTS. The component has the following three elements: Research, Analysis, and Collection.
   CREATE SECURITY LABEL COMPONENT COMPARTMENTS
     SET {'Collection', 'Research', 'Analysis'}
Example 3: Create a TREE type security label component named GROUPS. GROUPS has five elements: PROJECT, TEST, DEVELOPMENT, CURRENT, AND FIELD. The following diagram shows the relationship of these elements to one another:
         PROJECT
    ________|________
   |                 |
 TEST           DEVELOPMENT
               ______|______
              |             |
           CURRENT        FIELD


   CREATE SECURITY LABEL COMPONENT GROUPS
     TREE (
       'PROJECT' ROOT,
       'TEST' UNDER 'PROJECT',
       'DEVELOPMENT' UNDER 'PROJECT',
       'CURRENT' UNDER 'DEVELOPMENT',
       'FIELD' UNDER 'DEVELOPMENT'
     )