DB2 10.5 for Linux, UNIX, and Windows

LBAC security policies

The security administrator uses a security policy to define criteria that determine who has write access and who has read access to individual rows and individual columns of tables.

A security policy includes this information:

Every protected table must have one and only one security policy associated with it. Rows and columns in that table can be protected only with security labels that are part of that security policy, and all access to protected data follows the rules of that policy. You can have multiple security policies in a single database, but you cannot have more than one security policy protecting any given table.

Creating a security policy

You must be a security administrator to create a security policy. You create a security policy with the SQL statement CREATE SECURITY POLICY. The security label components listed in a security policy must be created before the CREATE SECURITY POLICY statement is executed. The order in which the components are listed when a security policy is created does not indicate any sort of precedence or other relationship among the components, but it is important to know the order when creating security labels with built-in functions like SECLABEL.

From the security policy you have created, you can create security labels to protect your data.
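The sequence described above, shown as an added example that is not part of the original IBM page: components are created first, then the policy, then a label, and finally SECLABEL is used with a string whose components follow the policy's COMPONENTS order. All object names (sec_level, sec_dept, DATA_ACCESS, payroll, user joe) are hypothetical.

```sql
-- Added example; all object names are hypothetical.
-- Run steps 1-4 as a user holding SECADM authority.

-- 1. Components must exist before the policy that lists them.
CREATE SECURITY LABEL COMPONENT sec_level
  ARRAY ['TOP SECRET', 'SECRET', 'CONFIDENTIAL', 'UNCLASSIFIED'];

CREATE SECURITY LABEL COMPONENT sec_dept
  SET {'Finance', 'Sales', 'Engineering'};

-- 2. The COMPONENTS order (sec_level, then sec_dept) implies no
--    precedence, but it fixes the positional order that SECLABEL
--    strings must follow.
CREATE SECURITY POLICY data_access
  COMPONENTS sec_level, sec_dept
  WITH DB2LBACRULES
  RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;

-- 3. A named label inside the policy. Components are named here,
--    so their order does not matter in this statement.
CREATE SECURITY LABEL data_access.secret_finance
  COMPONENT sec_level 'SECRET',
  COMPONENT sec_dept 'Finance';

-- 4. Grant the label to a user (a security administrator cannot
--    grant a label to themselves).
GRANT SECURITY LABEL data_access.secret_finance
  TO USER joe FOR ALL ACCESS;

-- 5. A table can be protected by exactly one policy.
CREATE TABLE payroll (
  empid     INTEGER NOT NULL,
  salary    DECIMAL(9,2),
  row_label DB2SECURITYLABEL
) SECURITY POLICY data_access;

-- 6. SECLABEL takes the policy name and a label string. Components
--    are separated by colons and listed in the policy's COMPONENTS
--    order: sec_level first, sec_dept second. Run as a user whose
--    granted label permits writing this row (here: joe).
INSERT INTO payroll (empid, salary, row_label)
  VALUES (1001, 85000.00, SECLABEL('DATA_ACCESS', 'SECRET:Finance'));

-- A string written in the wrong order, such as 'Finance:SECRET',
-- does not describe the same label: 'Finance' is not an element of
-- sec_level, so the value is not a valid label for this policy.
```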

Altering a security policy

A security administrator can use the ALTER SECURITY POLICY statement to modify a security policy.

Dropping a security policy

You must be a security administrator to drop a security policy. You drop a security policy using the SQL statement DROP.

You cannot drop a security policy if it is associated with (added to) any table.