Multilevel security

Multilevel security is a security policy that allows you to classify objects and users based on a system of hierarchical security levels and a system of non-hierarchical security categories.

Multilevel security provides the capability to prevent unauthorized users from accessing information at a higher classification than their authorization, and prevents users from declassifying information.

Multilevel security offers the following advantages:

Multilevel security enforcement is mandatory and automatic.
Multilevel security can use methods that are difficult to express through traditional SQL views or queries.
Multilevel security does not rely on special views or database variables to provide row-level security control.
Multilevel security controls are consistent and integrated across the system, so that you can avoid defining users and authorizations more than once.
Multilevel security does not allow users to declassify information.

Using multilevel security, you can define security for DB2® objects and perform other checks, including row-level security checks. Row-level security checks allow you to control which users have authorization to view, modify, or perform other actions on specific rows of data.

Start of change Multilevel security and row access control are mutually exclusive. While you can activate column access control on a table that has a security label column and enforce it on a security label column, you cannot do the same with row access control. If a table has a security label column, you cannot enable it with row access control. Vice versa is true; if a table is activated with row access control, you cannot alter it to include a security label column. End of change

Security labels
Multilevel security restricts access to an object or a row based on the security label of the object or row and the security label of the user.
Determining the security label of a user
DB2 provides several built-in session variables that contain information about the server and application process. You can obtain the value of a built-in session variable by invoking the GETVARIABLE command with the name of the built-in session variable.
Security levels
Along with security categories, hierarchical security levels are used as a basis for mandatory access-checking decisions.
Security categories
Security categories are the non-hierarchical basis for mandatory access-checking decisions.
Users and objects in multilevel security
In multilevel security, a user is any entity that requires access to system resources; the entity can be a human user, a stored procedure, or a batch job. An object is any system resource to which access must be controlled; the resource can be a data set, a table, a table row, or a command.
Global temporary tables with multilevel security
For a declared temporary table with a column definition, no syntax exists to specify a security label on a DECLARE GLOBAL TEMPORARY TABLE statement. An attempt to specify a security label results in an error.
Materialized query tables with multilevel security
Materialized query tables are tables that contain information that is derived and summarized from other tables.
Constraints in a multilevel-secure environment
Although a referential constraint is not allowed for the security label column, DB2 enforces referential constraints for other columns in the table that are not defined with a security label.
Field, edit, and validation procedures in a multilevel-secure environment
In a multilevel-secure environment, field procedures, edit procedures, and validation procedures operate in certain ways.
Triggers in a multilevel-secure environment
When a transition table is generated as the result of a trigger, the security label of the table or row from the original table is not inherited by the transition table. Therefore, multilevel security with row-level checking is not enforced for transition tables and transition values.

Parent topic: Implementing multilevel security with DB2

Related reference:

Implementing multilevel security with DB2