Knut Stolze wrote:
Serge Rielau wrote:
FYI: In DB2 Viper you can use LBAC (label based access control) as well.
I'm curious. Could you elaborate on that a bit more so that we understand a
bit better what "LBAC" is and does?
See link below.. Here is a quit summary as best as I know it.
LBAC allows the implementation of column and row based security.
The security administrator (SECADM) can devise topology such as:
Army, Navy, Air Force and PUBLIC, INTERNAL, CONFIDENTAL, SECRET
Individual columns or rows can then be assigned specific labels in the
topology.
Users are classified into this topology as well. So I may be able to
read Navy Confidential, but only Army Public.
When I select from a protected table any rows that I don't have access
to ar esimply not shown.
Things are getting interesting when writes are being done.
E.g. I may be able to "write up" that is I can insert any secret rows,
but I can wrote down (insert public rows). The rules for this can also
be defined AFAIK. Typically such rules prevent de-classification.
Som other products provide similar features. what is unique in DB2 for
LUW is the flexibility of the topology combined with the ease of
administration in SQL.
We think this is a big plus since e.g. banks, health care providers or
non US government agencies have their own topologies which are distinct
from what other products offer.
http://www-128.ibm.com/developerwork...AGX11&S_CMP=FP
Enjoy
Serge
--
Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
