Security policies define criteria that determine who has write and/or read access to individual rows and columns of tables.
Every protected table must have exactly one security policy associated with it. Rows and columns in that table can only be protected with security labels that are part of that security policy, and all access to protected data follows the rules of that policy. You can have multiple security policies in a single database, but you cannot have more than one security policy protecting any given table.
Security policies are supported for DB2 for Common Server v9.5 and higher. PowerDesigner models security policies as extended objects with a stereotype of <<SecurityPolicy>>.
You can modify an object's properties from its property sheet. To open a security policy property sheet, double-click its Browser entry in the Security Policies folder.
The following extended attributes are available on the General tab:
| Property | Description |
|---|---|
| Use group authorization | Specifies that security labels and exemptions granted directly or indirectly to groups are considered for any access attempt. Scripting name: GroupAuthorization |
| Use role authorization | Specifies that security labels and exemptions granted directly or indirectly to roles are considered for any access attempt. Scripting name: RoleAuthorization |
| Restrict Not Authorized Write Security Label | Specifies the action that is to be taken when a user is not authorized to write the explicitly specified security label that is provided in the INSERT or UPDATE statement issued against a table that is protected with this security policy. A user's security label and exemption credentials determine the user's authorization to write an explicitly provided security label. Scripting name: Restrict |
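
The DB2 DDL that these three properties correspond to, shown as an added example (not PowerDesigner output and not code from the original page). The component, policy, label, role and table names are hypothetical.

```sql
-- Hypothetical names throughout: sec_level, data_access, analyst, payroll.

-- A security policy is built from one or more label components.
CREATE SECURITY LABEL COMPONENT sec_level
    ARRAY ['SECRET', 'CONFIDENTIAL', 'PUBLIC'];

-- "Restrict Not Authorized Write Security Label" selected:
-- an INSERT or UPDATE that names a label the user may not write is rejected.
-- The alternative clause, OVERRIDE NOT AUTHORIZED WRITE SECURITY LABEL,
-- substitutes the user's own write label instead of failing.
CREATE SECURITY POLICY data_access
    COMPONENTS sec_level
    WITH DB2LBACRULES
    RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- "Use role authorization" on, "Use group authorization" off.
ALTER SECURITY POLICY data_access USE ROLE AUTHORIZATION;
ALTER SECURITY POLICY data_access IGNORE GROUP AUTHORIZATION;

-- Labels belong to exactly one policy.
CREATE SECURITY LABEL data_access.secret
    COMPONENT sec_level 'SECRET';
CREATE SECURITY LABEL data_access.confidential
    COMPONENT sec_level 'CONFIDENTIAL';

-- One policy per table: column protection via SECURED WITH,
-- row protection via a DB2SECURITYLABEL column.
CREATE TABLE payroll (
    emp_id    INTEGER NOT NULL,
    salary    DECIMAL(9,2) SECURED WITH confidential,
    row_label DB2SECURITYLABEL
) SECURITY POLICY data_access;

-- With role authorization enabled, labels held through a role count.
CREATE ROLE analyst;
GRANT SECURITY LABEL data_access.confidential
    TO ROLE analyst FOR ALL ACCESS;

-- Explicit label in the statement: a session whose only label is
-- CONFIDENTIAL is not authorized to write SECRET, so under RESTRICT
-- this INSERT fails rather than being stored with a different label.
INSERT INTO payroll (emp_id, salary, row_label)
VALUES (1001, 52000.00, SECLABEL_BY_NAME('DATA_ACCESS', 'SECRET'));
```

When reviewing a generated model, check that a policy left on the override setting is intentional, since rows can then be stored under a label other than the one the statement supplied.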
The following tabs are also available: