TREE Components
A security label component of type TREE has the logical topology
of a hierarchy (that is, a simple graph with no loops) that has a
single root node and no more than 63 additional nodes. The string
constant for the root node must be listed first and must be followed
by the ROOT keyword. The string constant for each subsequently declared
node must be followed by the keyword UNDER and by the string constant
for some previously declared node. The set of elements of the TREE
component, including their ROOT and UNDER keywords and comma separators,
must be enclosed between a pair of parentheses ( ( ... ) ).
The label element specified after the UNDER keyword is called the parent of the label element that precedes the same UNDER keyword (which is called the child of that parent element). The CREATE SECURITY LABEL COMPONENT statement fails with an error if a node name that follows the UNDER keyword has not already been declared in the same statement.
The string constant that designates the root node of a tree component has the highest data sensitivity. For a user to read or write protected data, each tree component of the user security label must include at least one of the elements in the tree component of the data row security label, or the ancestor of one such element. For example, if "Beta" is declared UNDER "Alpha" and "Gamma" is declared UNDER "Beta" then "Gamma" also ranks below "Alpha" in data sensitivity. Only elements that are in the same chain of parent-child relationships can be compared in their data sensitivity.
CREATE SECURITY LABEL COMPONENT Oakland
TREE ( 'Port' ROOT,
'Downtown' UNDER 'Port',
'Airport' UNDER 'Port',
'Estuary' UNDER 'Airport',
'Avenues' UNDER 'Downtown',
'Hills' UNDER 'Avenues');
Here the root node is Port, which has the highest
data sensitivity. Within this hierarchy, the Downtown, Avenues,
and Hills elements represent descending levels of data sensitivity,
and the Airport element has a higher data sensitivity than
the Estuary element. In this example, the four component elements
that the UNDER keyword designates as parent nodes are each declared
before being included in UNDER specifications. A modified version
of this example would also be valid if the Avenues node declaration
preceded the Airport node declaration, but an error would result
if the Hills node declaration had preceded the Avenues node
declaration.
A component of type TREE can be appropriate in contexts where some dimension of a multidimensional security policy can be mapped to a single logical hierarchy, or to a group of hierarchies that share a common root.
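The declaration-order rule and the ancestor comparison described above can be modeled in a few lines of Python. This is an added illustration, not Informix code or part of the original page. The function names are hypothetical, and rejecting a duplicate element name is an assumption that the page does not state.

```python
# Added model of the TREE rules on this page; not Informix code.
MAX_NODES = 64  # one root node plus no more than 63 additional nodes

def build_tree(decls):
    """decls: (element, parent) pairs in declaration order; parent None = ROOT.
    Returns {element: parent}; raises ValueError where the page says the
    CREATE SECURITY LABEL COMPONENT statement is invalid."""
    if not decls or decls[0][1] is not None:
        raise ValueError("the root node must be listed first")
    if len(decls) > MAX_NODES:
        raise ValueError("more than 63 nodes in addition to the root")
    parents = {}
    for name, parent in decls:
        if name in parents:  # assumption: duplicate names are rejected
            raise ValueError(f"{name!r} is declared twice")
        if parent is None and parents:
            raise ValueError("a TREE component has a single root")
        if parent is not None and parent not in parents:
            raise ValueError(f"{parent!r} follows UNDER before it is declared")
        parents[name] = parent
    return parents

def chain_to_root(parents, element):
    """The element followed by its parent, grandparent, ... up to the root."""
    chain = []
    while element is not None:
        chain.append(element)
        element = parents[element]
    return chain

def tree_component_allows(parents, user_elements, row_elements):
    """True if the user's elements include at least one row element,
    or an ancestor of one such element."""
    user = set(user_elements)
    return any(user & set(chain_to_root(parents, r)) for r in row_elements)

# The Oakland component from the example above.
OAKLAND = build_tree([
    ("Port", None), ("Downtown", "Port"), ("Airport", "Port"),
    ("Estuary", "Airport"), ("Avenues", "Downtown"), ("Hills", "Avenues"),
])

if __name__ == "__main__":
    for user, row in [("Downtown", "Hills"), ("Hills", "Downtown"),
                      ("Airport", "Hills"), ("Port", "Estuary")]:
        print(user, "->", row, tree_component_allows(OAKLAND, [user], [row]))
```

A user element of Airport does not satisfy the rule for a row labeled Hills, because the two elements are in different parent-child chains and cannot be compared.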