473,837 Members | 1,622 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

row level security

well, talk about timely. i'm tasked to implement a security feature,
and would rather do so in the database than the application code. the
application is generally Oracle, but sometimes DB2. Oracle has what
it calls package DBMS_RLS, which implements application ignorant
row level security.

scanning this group yielded "you can't do that; use views". then i
dug out DB2Mag qtr 1 2004, and there is MLS for v8/390. from this
article, it sounds like Oracle's RLS.

when i try to download the referenced pdf, it fails. hmmm.

so, has anyone who has implemented RLS on Oracle and knows more about
MLS on DB2 say whether, i) they are functionally equivalent and
ii) really works on DB2.

thanks,
robert
Nov 12 '05 #1
2 5651
"robert" <gn*****@rcn.co m> wrote in message
news:da******** *************** ***@posting.goo gle.com...
well, talk about timely. i'm tasked to implement a security feature,
and would rather do so in the database than the application code. the
application is generally Oracle, but sometimes DB2. Oracle has what
it calls package DBMS_RLS, which implements application ignorant
row level security.

scanning this group yielded "you can't do that; use views". then i
dug out DB2Mag qtr 1 2004, and there is MLS for v8/390. from this
article, it sounds like Oracle's RLS.

when i try to download the referenced pdf, it fails. hmmm.

so, has anyone who has implemented RLS on Oracle and knows more about
MLS on DB2 say whether, i) they are functionally equivalent and
ii) really works on DB2.

thanks,
robert


Here is text from the What's New for DB2 z/OS V8:

Multilevel security with row-level granularity

Multilevel security is a security policy that lets you classify data and
users based on a system of hierarchical security levels that is combined
with a system of nonhierarchical security categories. The goals of
multilevel security are twofold: To prevent individuals from accessing
information that is classified at a level that is higher than their
authorization allows, and to prevent individuals from declassifying
information. Version 8 of DB2 UDB for z/OS supports multilevel security with
row-level granularity, which lets you restrict individual user access to a
specific set of rows in a table. Multilevel security with row-level
granularity offers several advantages over current authorization techniques:
v Security enforcement is mandatory and automatic; a user is checked at run
time. This technique complements existing discretionary checks. v You can
perform security checks that are difficult to express through traditional
SQL views or queries. v Multilevel security does not rely on special views
or database variables to provide row-level security control. v Security
controls are consistent and integrated across the system so that you can
avoid defining users, objects, access, and security labels more than once.
Access to files, database, printers, terminals, and other resources can have
a single security control point.

You can download PDF versions of all the manuals here to get more details on
this functionality:
http://www-306.ibm.com/software/data...s/v8books.html
Nov 12 '05 #2
"robert" <gn*****@rcn.co m> wrote in message
news:da******** *************** ***@posting.goo gle.com...
well, talk about timely. i'm tasked to implement a security feature,
and would rather do so in the database than the application code. the
application is generally Oracle, but sometimes DB2. Oracle has what
it calls package DBMS_RLS, which implements application ignorant
row level security.

scanning this group yielded "you can't do that; use views". then i
dug out DB2Mag qtr 1 2004, and there is MLS for v8/390. from this
article, it sounds like Oracle's RLS.

when i try to download the referenced pdf, it fails. hmmm.

so, has anyone who has implemented RLS on Oracle and knows more about
MLS on DB2 say whether, i) they are functionally equivalent and
ii) really works on DB2.

thanks,
robert


Here is text from the What's New for DB2 z/OS V8:

Multilevel security with row-level granularity

Multilevel security is a security policy that lets you classify data and
users based on a system of hierarchical security levels that is combined
with a system of nonhierarchical security categories. The goals of
multilevel security are twofold: To prevent individuals from accessing
information that is classified at a level that is higher than their
authorization allows, and to prevent individuals from declassifying
information. Version 8 of DB2 UDB for z/OS supports multilevel security with
row-level granularity, which lets you restrict individual user access to a
specific set of rows in a table. Multilevel security with row-level
granularity offers several advantages over current authorization techniques:
v Security enforcement is mandatory and automatic; a user is checked at run
time. This technique complements existing discretionary checks. v You can
perform security checks that are difficult to express through traditional
SQL views or queries. v Multilevel security does not rely on special views
or database variables to provide row-level security control. v Security
controls are consistent and integrated across the system so that you can
avoid defining users, objects, access, and security labels more than once.
Access to files, database, printers, terminals, and other resources can have
a single security control point.

You can download PDF versions of all the manuals here to get more details on
this functionality:
http://www-306.ibm.com/software/data...s/v8books.html
Nov 12 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1192
by: Anthony | last post by:
On our IIS 5 windows 2000 web server we have many .asp's.. most of which (When right clicked / security tab / edit authentication) are using Integrated Windows Authentication. Is there an easy way to check ALL of them? Some of the pages require a higher level of security (Our password reset page for example) and I am just auditing everything and want to make sure that only the few pages that require it are using the elevated security...
13
2155
by: MFS 43 | last post by:
Using Access 2000 and 2002 Have set up user-level security with a new .mdw file (secured.mdw). I open my database with a short cut whose target includes a command line option for the workgroup .mdw file. This seems to work for the user-level security. However, if I go directly (through Explorer) to the Access .mdb file of my program (Program.mdb) and double click to start this .mdb file, the program opens without any security!!
3
3308
by: Br | last post by:
I'm going to go into a fair bit of detail as I'm hoping my methods may be of assistance to anyone else wanting to implement something similar (or totally confusing:) One of systems I've developed has three levels of security. Admins - can see all records Manager - can only see records based on an organisation structure held in a table (simple tree structure) Employee - can only see own records
0
1000
by: Jéjé | last post by:
Hi, I'm looking for some sample to implement an item level security system in my Web application. My users can create & manage project. The company has some organizationnal units. Each unit can create/manage projects. Today the security is set at the "system" level, I mean if a user can create
3
3445
by: Dave Wurtz | last post by:
All, Does anyone have ideas how they have implemented field (property) level security? I want to handle this from the business object level, not the database level. Is it best to have a security checking method that gets called in the property and throws an exception? If there are several "fields" that are being accessed multiple times, does it hurt from a performance perspective to have these exceptions thrown all of the time? ...
9
6662
by: MR | last post by:
I get the following Exception "The data at the root level is invalid. Line 1, position 642" whenever I try to deserialize an incoming SOAP message. The incoming message is formed well and its length is 642 bytes ( I have appended it to the end of this message). I suspect that the reason may have something to do with an incorrect declaration of which class to de-serialize to. In the attached code I substituted @@@@@@@ in the code below with...
1
2671
by: Friends | last post by:
Hi I need to set security for row level but not based on Database user's login. It should be based on the user table login. For the particular user I need to allow only the particular records to access insert, update delete and select. Let me explain clearly For example think we are using asp/asp.net website
2
4046
by: evenlater | last post by:
I realize that user level security is not available for Access databases in the new AK27 format .accdb, and I know that I can still utilize ULS by making my database an .mdb file. But I'm wondering WHY Microsoft is scrapping a feature that I've always found to be extremely useful. Surely they don't expect that users of the new database format will no longer have a need to assign permissions at different levels for different users! Why...
6
2115
by: plaguna | last post by:
Basically I have Three questions about Jet U-L Security: 1.Every time I create new Groups, new Users and Permissions using the User and Group Accounts dialog box, It creates User security for every single DB Access file I have in my system. How can I get a Jet User-Level Security only for the current opened file without using the User-Level Security Wizard?. 2. Also, Is there a way to view and make changes to Groups and Users opening...
0
10863
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10560
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10609
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
10263
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
9390
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7798
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5663
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
5838
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
3120
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.