DB2 includes many powerful features to secure your data in the base product. In addition, DB2 offers the optional Advanced Access Control Feature, which adds label-based access control to DB2. (For information about the security features in DB2, see DB2 Security.)
Label Based Access Control
For the ultimate data access control, DB2 includes an optional Advanced Access Control feature that uses Label Based Access Control (LBAC) to let you decide exactly who has write access and who has read access to individual rows and individual columns in any given table. Once the LBAC rules have been defined, data access control is managed by DB2 and is completely transparent to the user. For example, a user accessing a table will only see the rows they are authorized to see and DB2 will act as if any unauthorized rows don't exist.
Defense in Depth
Label Based Access Control (LBAC) lets you decide who has write access and read access to individual rows and individual columns in any table. Once the LBAC rules are defined, data access control is managed by DB2 and is completely transparent to the user. For example, a user accessing a table will only see the rows they are authorized to see and DB2 will act as if any unauthorized rows don't exist.
Military Strength
LBAC meets the exacting standards and requirements of government agencies for applications that manage classified information. With LBAC, you can have peace of mind knowing that your data is protected according to these same demanding standards.
Flexible
LBAC is highly configurable. You can restrict users, including database administrators, from accessing rows or columns in some tables, but not others. You can even grant and revoke exceptions to the LBAC rules as required by your business and security needs.
