
Privileges

Hi all,

I have a scenario here where I need to restrict the Sydney users to access
only sydney related data, Melbourne users to access only melbourne data,
etc.

How do I implement this?

Cheers,
San.

May 11 '06 #1


"shsandeep" <sa**********@gmail.com> wrote in message
news:bb******************************@localhost.talkaboutdatabases.com...
> Hi all,
>
> I have a scenario here where I need to restrict the Sydney users to access
> only sydney related data, Melbourne users to access only melbourne data,
> etc.
>
> How do I implement this?
>
> Cheers,
> San.


Use views and only grant the users select access to the views and not the
base tables. Each view should have a WHERE clause that only selects data
that each user is allowed to see.
May 11 '06 #2
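
The approach from reply #2 written out for DB2, as an added example that is not part of the original thread. The schema, table, view and group names are hypothetical and the rows are constructed sample data.

```sql
-- Added example: APP.ORDERS, the views and the two groups are hypothetical
-- names; the rows are constructed sample data.
CREATE TABLE app.orders (
    order_id  INTEGER       NOT NULL PRIMARY KEY,
    city      VARCHAR(20)   NOT NULL,
    customer  VARCHAR(60)   NOT NULL,
    amount    DECIMAL(10,2) NOT NULL
);

INSERT INTO app.orders (order_id, city, customer, amount) VALUES
    (1, 'SYDNEY',    'Harbour Supplies', 120.00),
    (2, 'MELBOURNE', 'Yarra Traders',     75.50),
    (3, 'SYDNEY',    'Bondi Imports',    310.25);

-- One view per location; the WHERE clause is the row filter.
CREATE VIEW app.orders_sydney AS
    SELECT order_id, city, customer, amount
    FROM app.orders
    WHERE city = 'SYDNEY';

CREATE VIEW app.orders_melbourne AS
    SELECT order_id, city, customer, amount
    FROM app.orders
    WHERE city = 'MELBOURNE';

-- Grant SELECT on the views only. Nothing is granted on APP.ORDERS itself,
-- so members of these groups cannot query the base table directly.
GRANT SELECT ON app.orders_sydney    TO GROUP sydney_users;
GRANT SELECT ON app.orders_melbourne TO GROUP melbourne_users;

-- Check: list every grantee on the base table and on the views.
SELECT grantee, granteetype, tabname, selectauth, controlauth
FROM syscat.tabauth
WHERE tabschema = 'APP'
  AND tabname IN ('ORDERS', 'ORDERS_SYDNEY', 'ORDERS_MELBOURNE')
ORDER BY tabname, grantee;
```

In the catalog output the two groups should appear only against their own view. Any grantee other than the table owner holding SELECTAUTH on ORDERS can read every city's rows and bypasses the filter.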

Thanks Mark.

May 11 '06 #3

FYI: In DB2 Viper you can use LBAC (label based access control) as well.

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
May 11 '06 #4

Serge Rielau wrote:
> FYI: In DB2 Viper you can use LBAC (label based access control) as well.

I'm curious. Could you elaborate on that a bit more so that we understand a
bit better what "LBAC" is and does?

--
Knut Stolze
DB2 Information Integration Development
IBM Germany
May 12 '06 #5

Knut Stolze wrote:
> Serge Rielau wrote:
>> FYI: In DB2 Viper you can use LBAC (label based access control) as well.
>
> I'm curious. Could you elaborate on that a bit more so that we understand a
> bit better what "LBAC" is and does?

See link below. Here is a quick summary as best as I know it.
LBAC allows the implementation of column and row based security.
The security administrator (SECADM) can devise topology such as:
Army, Navy, Air Force and PUBLIC, INTERNAL, CONFIDENTIAL, SECRET
Individual columns or rows can then be assigned specific labels in the
topology.
Users are classified into this topology as well. So I may be able to
read Navy Confidential, but only Army Public.
When I select from a protected table any rows that I don't have access
to are simply not shown.
Things are getting interesting when writes are being done.
E.g. I may be able to "write up", that is, I can insert any secret rows,
but I can write down (insert public rows). The rules for this can also
be defined AFAIK. Typically such rules prevent de-classification.

Some other products provide similar features. What is unique in DB2 for
LUW is the flexibility of the topology combined with the ease of
administration in SQL.
We think this is a big plus since e.g. banks, health care providers or
non US government agencies have their own topologies which are distinct
from what other products offer.

http://www-128.ibm.com/developerwork...AGX11&S_CMP=FP

Enjoy
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
May 12 '06 #6
