467,189 Members | 1,157 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,189 developers. It's quick & easy.

Privileges

Hi all,

I have a scenario here where I need to restrict the Sydney users to access
only sydney related data, Melbourne users to access only melbourne data,
etc.

How do I implement this?

Cheers,
San.

May 11 '06 #1
  • viewed: 1441
Share:
5 Replies
"shsandeep" <sa**********@gmail.com> wrote in message
news:bb******************************@localhost.ta lkaboutdatabases.com...
Hi all,

I have a scenario here where I need to restrict the Sydney users to access
only sydney related data, Melbourne users to access only melbourne data,
etc.

How do I implement this?

Cheers,
San.


Use views and only grant the users select access to the views and not the
base tables. Each view should have a WHERE clause that only selects data
that each user is allowed to see.
May 11 '06 #2
Thanks Mark.

May 11 '06 #3
FYI: In DB2 Viper you can use LBAC (label based access control) as well.

Cheers
Serge

--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
May 11 '06 #4
Serge Rielau wrote:
FYI: In DB2 Viper you can use LBAC (label based access control) as well.


I'm curious. Could you elaborate on that a bit more so that we understand a
bit better what "LBAC" is and does?

--
Knut Stolze
DB2 Information Integration Development
IBM Germany
May 12 '06 #5
Knut Stolze wrote:
Serge Rielau wrote:
FYI: In DB2 Viper you can use LBAC (label based access control) as well.


I'm curious. Could you elaborate on that a bit more so that we understand a
bit better what "LBAC" is and does?


See link below.. Here is a quit summary as best as I know it.
LBAC allows the implementation of column and row based security.
The security administrator (SECADM) can devise topology such as:
Army, Navy, Air Force and PUBLIC, INTERNAL, CONFIDENTAL, SECRET
Individual columns or rows can then be assigned specific labels in the
topology.
Users are classified into this topology as well. So I may be able to
read Navy Confidential, but only Army Public.
When I select from a protected table any rows that I don't have access
to ar esimply not shown.
Things are getting interesting when writes are being done.
E.g. I may be able to "write up" that is I can insert any secret rows,
but I can wrote down (insert public rows). The rules for this can also
be defined AFAIK. Typically such rules prevent de-classification.

Som other products provide similar features. what is unique in DB2 for
LUW is the flexibility of the topology combined with the ease of
administration in SQL.
We think this is a big plus since e.g. banks, health care providers or
non US government agencies have their own topologies which are distinct
from what other products offer.

http://www-128.ibm.com/developerwork...AGX11&S_CMP=FP

Enjoy
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
May 12 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by Marc | last post: by
4 posts views Thread by Amardeep Verma | last post: by
2 posts views Thread by Denis Martineau | last post: by
reply views Thread by Charles Cantrell | last post: by
reply views Thread by Marc | last post: by
8 posts views Thread by binary-nomad@hotmail.com | last post: by
2 posts views Thread by virgilio | last post: by
4 posts views Thread by Feldman Alex | last post: by
5 posts views Thread by Rahul B | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.