Security labels
Security labels are objects applied to rows and columns in order to protect these data, and granted to users to give them access to protected data.
When users try to access protected data, label-based access control compares the user label to the data label. The process of this comparison is detailed in How security labels control access.
When you create a security label:
- You identify to what security policy the label belongs.
- You assign a value for each security label component in the security policy.
You apply just one label to a row or column. For a given security policy, you typically grant to a user one label to define both read and write access. But you can grant a user one label for read access and a different label for write access to data protected by the same security policy. When the read-access label differs from the write-access label granted to a user, the user can only write to data objects that can be accessed by the user's read-access label.