Other HCL OneDB functionality with label-based access control
HCL® OneDB® has non-security functionality that operates seamlessly with label-based access control.
HCL OneDB label-based access control (LBAC) is designed to work smoothly with all parts of the database server and without excessive user intervention to contain unauthorized data exposure. The following areas of HCL OneDB are highlighted to address potential areas of concern.
High-availability clusters
High-availability clusters (High-Availability Data Replication, shared disk secondary servers, and remote stand-alone secondary servers) provide a way to maintain one or more copies of the database server. LBAC objects created on a database of the primary server are replicated to the secondary servers. All tables protected on the primary server are protected on the secondary servers.
Distributed queries
You can query more than one database on the same database server or across multiple database servers. This type of query is called a distributed query. LBAC rules are applied to distributed queries involving protected tables and local synonyms of remote protected tables. Queries issued from a non-LBAC server but involving LBAC-protected tables on a different server also require that the user have the necessary LBAC credentials to access the protected data on the other server.
Fragmentation
You can use fragmentation to control where data is stored at the table level using a fragmentation strategy. HCL OneDB ensures that the source and target tables have the required identical LBAC security objects for attaching and detaching fragments.
Synonyms and views
Views and synonyms can be created on existing tables and views that are located in the current database, or in another database of the local database server or of a remote database server. LBAC rules are applied when a user attempts to access data through views and synonyms on protected tables.
Violations tables
HCL OneDB provides a facility to track rows that violate constraints. The START VIOLATIONS TABLE statement creates a special violations table that holds nonconforming rows that fail to satisfy constraints and unique indexes during INSERT, UPDATE, and DELETE operations on target tables. To prevent unauthorized exposure of protected data through a violations table, HCL OneDB secures the violations table with the same security policy as the target table when the START VIOLATIONS TABLE statement is executed.
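The following is an added example, not taken from the HCL documentation: it starts a violations table on a protected table and then checks in the system catalog that the violations table carries the same security policy. All object names (classification, corp_policy, orders) are hypothetical. The LBAC DDL and the catalog names (systables.secpolicyid, syssecpolicies) follow the Informix-lineage syntax and are assumptions to confirm against your OneDB version.

```sql
-- Added example. Object names are hypothetical; run the security DDL
-- in a session that holds the DBSECADM role (assumption).

-- 1. Label component, security policy and one label.
CREATE SECURITY LABEL COMPONENT classification
    ARRAY ['SECRET', 'INTERNAL', 'PUBLIC'];

CREATE SECURITY POLICY corp_policy
    COMPONENTS classification WITH IDSLBACRULES;

CREATE SECURITY LABEL corp_policy.internal
    COMPONENT classification 'INTERNAL';

-- 2. Target table with row-level protection (IDSSECURITYLABEL column)
--    and a constraint whose failures can be routed to a violations table.
CREATE TABLE orders (
    order_id   INTEGER PRIMARY KEY,
    customer   VARCHAR(40),
    row_label  IDSSECURITYLABEL
) SECURITY POLICY corp_policy;

-- 3. Create the violations table. With no USING clause the server
--    names it <table>_vio, so here it is orders_vio.
START VIOLATIONS TABLE FOR orders;

-- 4. Verification: the target table and its violations table should
--    both resolve to the same policy name. The outer join keeps a table
--    with no policy in the result, with secpolicyname shown as NULL.
SELECT t.tabname, p.secpolicyname
  FROM systables t
  LEFT OUTER JOIN syssecpolicies p
    ON t.secpolicyid = p.secpolicyid
 WHERE t.tabname IN ('orders', 'orders_vio')
 ORDER BY t.tabname;
```

Both rows should report corp_policy. A NULL policy name for orders_vio would mean rejected rows are readable without LBAC credentials and should be treated as a finding.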
Referential integrity scans
LBAC rules are applied when the ON DELETE CASCADE option is specified and when an INSERT statement to a child table generates a referential integrity scan on the parent table.