Exemptions
Exemptions modify security credentials of users by disabling one or more of the IDSLBACRULES for a component type in a security policy.
Since exemptions are based on a security label component type for a particular security policy, this exemption does not apply outside that security policy. Within the security policy, the exemption applies to all instances of the component type.
Exemptions can be useful for allowing trusted users do administrative work for which otherwise it would be cumbersome to grant all necessary label-based access control credentials. For example, if your job is to classify incoming data, a typical practice would be for the DBSECADM to grant you exemptions so that you can write to any data row in the security policy.
If users hold an exemption to every rule of a security policy, then they have complete access to all data protected by that policy.
Exemptions provide very powerful access. Do not grant them without careful consideration.