ABSTRACT
data at the row and/or column level based on security labels. Unlike traditional implementations of mandatory access control (e.g., Multilevel Security), the DB2 LBAC capability allows you to tailor the security label definition to best suit your application-specific needs. In DB2 LBAC, a security label does not have to be a rigid structure made up of two components (level and compartments). DB2 LBAC allows you to construct the security label type that best suits your application needs from a predefined set of security label components. DB2 then chooses and applies the appropriate access control rules based on the types of the security label components. DB2 LBAC integrates well with other DB2 capabilities and can be combined with them to offer even stronger security. For example, you can combine LBAC with any of the data partitioning capabilities available in DB2, such as Multi-Dimensional Clustering (MDC), Data Partitioning Facility (DPF), or table partitioning, to increase security by having data from different security levels stored on different data partitions (e.g., the most secure data on the most secure partition). You can also combine LBAC with XML to provide document-level access control based on security labels.
- Label-based access control (LBAC) in DB2 LUW
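
The abstract's point that a label is assembled from typed components rather than a fixed level-plus-compartments pair can be seen in DB2 LUW DDL. The following is an added example, not code from the paper; the component, policy, label, table and user names are hypothetical, and the statements assume they are issued by a user holding SECADM authority.

```sql
-- Added example: all object names below are hypothetical.

-- An ordered component (ARRAY): earlier elements rank higher.
CREATE SECURITY LABEL COMPONENT sensitivity
  ARRAY ['RESTRICTED', 'INTERNAL', 'PUBLIC'];

-- A hierarchical component (TREE): holding a node covers its descendants.
CREATE SECURITY LABEL COMPONENT region
  TREE ('GLOBAL' ROOT,
        'EMEA' UNDER 'GLOBAL',
        'AMER' UNDER 'GLOBAL',
        'DE'   UNDER 'EMEA');

-- The policy names the components; DB2 applies the rule set that
-- matches each component's type (array vs. tree) on read and write.
CREATE SECURITY POLICY sales_policy
  COMPONENTS sensitivity, region
  WITH DB2LBACRULES;

-- Labels are combinations of component elements under that policy.
CREATE SECURITY LABEL sales_policy.internal_emea
  COMPONENT sensitivity 'INTERNAL',
  COMPONENT region 'EMEA';

CREATE SECURITY LABEL sales_policy.restricted_global
  COMPONENT sensitivity 'RESTRICTED',
  COMPONENT region 'GLOBAL';

-- Row-level protection: a DB2SECURITYLABEL column carries each row's label.
-- Column-level protection: margin is readable only with a sufficient label.
CREATE TABLE deals (
  deal_id   INTEGER NOT NULL,
  customer  VARCHAR(64),
  margin    DECIMAL(7,2) SECURED WITH restricted_global,
  row_label DB2SECURITYLABEL
) SECURITY POLICY sales_policy;

-- Users hold labels; access is decided by comparing user and data labels.
GRANT SECURITY LABEL sales_policy.internal_emea
  TO USER analyst1 FOR READ ACCESS;
GRANT SECURITY LABEL sales_policy.restricted_global
  TO USER manager1 FOR ALL ACCESS;

-- Run as manager1: store a row labelled INTERNAL / EMEA.
INSERT INTO deals (deal_id, customer, margin, row_label)
  VALUES (1, 'Example GmbH', 12.50,
          SECLABEL_BY_NAME('SALES_POLICY', 'INTERNAL_EMEA'));
```

With these grants, analyst1 can read rows labelled `internal_emea` but a query that references the `margin` column is rejected, while manager1 can read both.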