Implementing multilevel security with DB2

Multilevel security allows you to classify objects and users with security labels that are based on hierarchical security levels and non-hierarchical security categories. Multilevel security prevents unauthorized users from accessing information at a higher classification than their authorization. It also prevents users from declassifying information.

Using multilevel security with row-level granularity, you can define security for DB2® objects and perform security checks, including row-level security checks. Row-level security checks allow you to control which users have authorization to view, modify, or perform other actions on specific rows of data.
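To make the two rules in the paragraphs above concrete (a user cannot read a row classified above their authorization, and cannot declassify data), here is an added example that is not part of this documentation or of DB2's own code. It models a security label as one hierarchical level plus a set of non-hierarchical categories, implements the dominance check that row-level access depends on, and runs it over a few constructed rows. The level names, category names, rows and the simplified relabeling rule are assumptions for illustration; DB2's actual access rules have more cases than shown here.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed label vocabulary for this example (assumption, not DB2 defaults):
# the hierarchical part is an ordered set of levels, the non-hierarchical part
# is an unordered set of category names.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOPSECRET": 3}


@dataclass(frozen=True)
class SecurityLabel:
    """One security level plus zero or more categories."""
    level: str
    categories: frozenset[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown security level {self.level!r}")


def dominates(a: SecurityLabel, b: SecurityLabel) -> bool:
    """a dominates b when a's level is at least b's level AND a holds every
    category that b holds. A higher level alone is not enough: a TOPSECRET
    user with no categories does not dominate SECRET/{PAYROLL}."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def can_read(user: SecurityLabel, row: SecurityLabel) -> bool:
    """Read access: the user's label must dominate the row's label, so a user
    never sees a row classified above their authorization."""
    return dominates(user, row)


def can_relabel(user: SecurityLabel, old: SecurityLabel, new: SecurityLabel,
                write_down: bool = False) -> bool:
    """Changing a row's label (simplified model, an assumption of this example).
    The user must dominate both the current and the new label, and the new
    label must dominate the old one, i.e. the row may be upgraded but not
    declassified, unless the user holds an explicit write-down authority."""
    if not (dominates(user, old) and dominates(user, new)):
        return False
    return write_down or dominates(new, old)


def visible_rows(user: SecurityLabel, rows: list[dict]) -> list[dict]:
    """Apply the read check row by row, as row-level security does."""
    return [r for r in rows if can_read(user, r["label"])]


# Constructed sample rows; each carries the label stored with the row.
ROWS = [
    {"id": 1, "data": "public notice",  "label": SecurityLabel("UNCLASSIFIED")},
    {"id": 2, "data": "salary band",    "label": SecurityLabel("SECRET", frozenset({"PAYROLL"}))},
    {"id": 3, "data": "hr case file",   "label": SecurityLabel("SECRET", frozenset({"HR"}))},
    {"id": 4, "data": "exec payroll",   "label": SecurityLabel("TOPSECRET", frozenset({"PAYROLL"}))},
]


if __name__ == "__main__":
    analyst = SecurityLabel("SECRET", frozenset({"PAYROLL"}))
    for row in visible_rows(analyst, ROWS):
        print(row["id"], row["data"])
    # The analyst can raise row 1 to SECRET/{PAYROLL} but cannot lower row 2
    # to UNCLASSIFIED without write-down authority.
    print(can_relabel(analyst, ROWS[0]["label"], analyst))
    print(can_relabel(analyst, ROWS[1]["label"], SecurityLabel("UNCLASSIFIED")))
```

With the constructed data, a SECRET user holding only the PAYROLL category sees rows 1 and 2: row 3 is blocked by the missing HR category even though the level matches, and row 4 by the higher level even though the category matches. Both halves of the dominance test must pass, which is the point of combining hierarchical levels with non-hierarchical categories.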

You can implement multilevel security with the following combinations:

DB2 authorization with multilevel security with row-level granularity
In this combination, DB2 grants are used for authorization at the DB2 object level (database, table, and so forth). Multilevel security is implemented only at the row level within DB2.
External access control and multilevel security with row-level granularity
In this combination, external access control (such as the RACF® access control module) is used for authorization at the DB2 object level. External access control also uses security labels to perform mandatory access checking on DB2 objects as part of multilevel security. Multilevel security is also implemented on the row level within DB2.
Important: The following information about multilevel security is specific to DB2. It does not describe all aspects of multilevel security, and it assumes that you have general knowledge of multilevel security.