Components and Elements of a Security Label
Like a security policy, a security label must have at least one component, but no more than 16. The CREATE SECURITY LABEL statement cannot list security label components that are not components of the specified security policy. The same component name cannot be specified more than once in the same CREATE SECURITY LABEL statement. These components must already exist in the database, where DBSECADM can register them with the CREATE SECURITY LABEL COMPONENT statement.
Security label components can be of type ARRAY, SET, or TREE, as described in CREATE SECURITY LABEL COMPONENT. For a component of type ARRAY, the element list can identify only a single element. For components of type SET or TREE, the element list can identify multiple component elements that were defined when the component was created (or when it was last altered). See the CREATE SECURITY LABEL COMPONENT statement for more information about the structure and semantics of security label components.
CREATE SECURITY LABEL MegaCorp.label1
COMPONENT levels 'VP',
COMPONENT compartments 'Marketing';
For this example to be valid, the levels and compartments components, and their security label components, VP and Marketing elements, must have been defined in previously executed CREATE SECURITY LABEL COMPONENT statements.
CREATE SECURITY LABEL MegaCorp.label2
COMPONENT level 'Director',
COMPONENT compartments 'HR', 'Finance',
COMPONENT groups 'EntireRegion';
These examples illustrate that the components of a security
label can be a subset of the components of the security policy that
the label supports, and that more than one security label can support
the same security policy.