With row and column access control, people in different roles can have different result sets from the same database queries. For example, Newton, a teller, cannot see any data of clients outside of their branch.
SELECT * FROM RCACTSPM.CUSTOMER;
Results of the query vary according to who runs the query. The row
and column access control rules created by the security administrator
are applied on these queries.ACCOUNT NAME INCOME BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice 22000 A
xxxx-xxxx-xxxx-5555 Bob 71000 A
2 record(s) selected.
Newton, being a teller at branch
A, can see only ExampleBANK clients that belong to that branch.ACCOUNT NAME INCOME BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice 22000 A
xxxx-xxxx-xxxx-5555 Bob 71000 A
xxxx-xxxx-xxxx-6666 Carl 123000 B
xxxx-xxxx-xxxx-7777 David 172000 C
4 record(s) selected.
Zurbie, being a customer service
representative, can see all ExampleBANK clients in the system, but
not their full account number unless he uses the ACCOUNTS.ACCTUPDATE
application. Since this query was issued outside of ACCOUNTS.ACCTUPDATE,
part of that number is masked.ACCOUNT NAME INCOME BRANCH
------------------- -------------------- ----------- ------
xxxx-xxxx-xxxx-4444 Alice 22000 A
xxxx-xxxx-xxxx-5555 Bob 71000 A
xxxx-xxxx-xxxx-6666 Carl 123000 B
xxxx-xxxx-xxxx-7777 David 172000 C
4 record(s) selected.
Plato, being a telemarketer, can
see all ExampleBANK clients in the system.