Label-based access control (LBAC) in DB2 LUW

data at the row and/or column level based on security labels. Unlike traditional implementations of mandatory access control (e.g., Multilevel Security), the DB2 LBAC capability allows you to tailor the security label definition to best suit your application specific needs. In DB2 LBAC, a security label does not have to be a rigid structure made up of two components (level and compartments). DB2 LBAC allows you to construct the security label type that best suits your application needs from a predefined set of security label components. DB2 then chooses and applies the appropriate access control rules based on the types of the security label components. DB2 LBAC integrates well with other DB2 capabilities and can be combined with such capabilities to offer an even stronger security. For example, you can combine LBAC with any of the data partitioning capabilities available in DB2 such as Multi-Dimensional Clustering (MDC), Data Partitioning Facility (DPF), or table partitioning to increase security by having data from different security levels stored on different data partitions (e.g., the most secure data on the most secure partition). You can also combine LBAC with XML to provide document level access control based on security labels.