
Database Forum / DB2 Topics / May 2006


Privileges

shsandeep - 11 May 2006 06:34 GMT
Hi all,

I have a scenario here where I need to restrict the Sydney users to access
only Sydney related data, Melbourne users to access only Melbourne data,
etc.

How do I implement this?

Cheers,
San.
Mark A - 11 May 2006 06:49 GMT
> Hi all,
>
[quoted text clipped - 6 lines]
> Cheers,
> San.

Use views and only grant the users select access to the views and not the
base tables. Each view should have a WHERE clause that only selects data
that each user is allowed to see.
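
An added example of the view approach described in the answer above, in DB2 SQL (not part of the original posts). The schema, table, view, group and user names are hypothetical; the second variant goes one step further and drives a single view from a user-to-city mapping table instead of one view per city.

```sql
-- Constructed schema: APP.ORDERS, APP.USER_CITY, the groups and the sample
-- users are hypothetical names for this example.
CREATE TABLE app.orders (
    order_id INTEGER       NOT NULL PRIMARY KEY,
    city     VARCHAR(20)   NOT NULL,
    amount   DECIMAL(10,2) NOT NULL
);

-- Variant 1: one view per city, with the city fixed in the WHERE clause.
-- WITH CHECK OPTION only matters if INSERT/UPDATE is granted on the view
-- later: it rejects rows that would fall outside the view's predicate.
CREATE VIEW app.orders_sydney AS
    SELECT order_id, city, amount
    FROM app.orders
    WHERE city = 'SYDNEY'
    WITH CHECK OPTION;

GRANT SELECT ON app.orders_sydney TO GROUP sydney_users;

-- Variant 2: one view for everyone, filtered by the connected user.
-- Users get no privilege on the mapping table, so they cannot change
-- which city they are mapped to.
CREATE TABLE app.user_city (
    auth_id VARCHAR(128) NOT NULL,
    city    VARCHAR(20)  NOT NULL,
    PRIMARY KEY (auth_id, city)
);

INSERT INTO app.user_city (auth_id, city)
VALUES ('ALICE', 'SYDNEY'), ('BOB', 'MELBOURNE');

CREATE VIEW app.orders_my_city AS
    SELECT o.order_id, o.city, o.amount
    FROM app.orders o
    WHERE o.city IN (SELECT uc.city
                     FROM app.user_city uc
                     WHERE uc.auth_id = SESSION_USER);

GRANT SELECT ON app.orders_my_city TO GROUP app_users;

-- Check: list every grantee that can still read the base tables directly.
-- Apart from the owner, this should return no end users or groups.
SELECT grantee, granteetype, selectauth, controlauth
FROM syscat.tabauth
WHERE tabschema = 'APP'
  AND tabname IN ('ORDERS', 'USER_CITY')
  AND (selectauth <> 'N' OR controlauth = 'Y');
```
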
shsandeep - 11 May 2006 07:21 GMT
Thanks Mark.
Serge Rielau - 11 May 2006 11:16 GMT
FYI: In DB2 Viper you can use LBAC (label based access control) as well.

Cheers
Serge

Signature

Serge Rielau
DB2 Solutions Development
IBM Toronto Lab

Knut Stolze - 12 May 2006 07:37 GMT
> FYI: In DB2 Viper you can use LBAC (label based access control) as well.

I'm curious.  Could you elaborate on that a bit more so that we understand a
bit better what "LBAC" is and does?

Signature

Knut Stolze
DB2 Information Integration Development
IBM Germany

Serge Rielau - 12 May 2006 13:13 GMT
>> FYI: In DB2 Viper you can use LBAC (label based access control) as well.
>
> I'm curious.  Could you elaborate on that a bit more so that we understand a
> bit better what "LBAC" is and does?

See link below. Here is a quick summary as best as I know it.
LBAC allows the implementation of column and row based security.
The security administrator (SECADM) can devise a topology such as:
Army, Navy, Air Force and PUBLIC, INTERNAL, CONFIDENTIAL, SECRET
Individual columns or rows can then be assigned specific labels in the
topology.
Users are classified into this topology as well. So I may be able to
read Navy Confidential, but only Army Public.
When I select from a protected table any rows that I don't have access
to are simply not shown.
Things are getting interesting when writes are being done.
E.g. I may be able to "write up" that is I can insert any secret rows,
but I can write down (insert public rows). The rules for this can also
be defined AFAIK. Typically such rules prevent de-classification.

Some other products provide similar features. What is unique in DB2 for
LUW is the flexibility of the topology combined with the ease of
administration in SQL.
We think this is a big plus since e.g. banks, health care providers or
non US government agencies have their own topologies which are distinct
from what other products offer.

http://www-128.ibm.com/developerworks/edu/dm-dw-dm-0605wong-i.html?S_TACT=105AGX11&S_CMP=FP


Enjoy
Serge
Signature

Serge Rielau
DB2 Solutions Development
IBM Toronto Lab
