ALTER SECURITY LABEL COMPONENT statement
Use the ALTER SECURITY LABEL COMPONENT statement to add one or more new elements to an existing security label component in the current database. This statement is an extension to the ANSI/ISO standard for SQL.
Syntax
Element | Description | Restrictions | Syntax |
---|---|---|---|
component | Component to which element is added | Must already exist in the database. | Identifier |
element | New element of component | Must be unique among elements of this component,
and no longer than 32 bytes. The left ( ( ) and right
( ) ) parentheses, comma ( , ),
and colon ( : ) symbols are not valid characters. |
Quoted String |
old_element | Existing element of component | Must be an element of component. | Quoted String |
Usage
Only DBSECADM can issue the ALTER SECURITY LABEL COMPONENT statement, which defines new elements of an existing security label component. The new elements become part of any security policy defined in a CREATE SECURITY POLICY statement that references the specified component.
A security label component consists of a set of no more than 64 elements that the CREATE SECURITY LABEL COMPONENT statement defines as string constants. Each string constant can have no more than 32 bytes, and each must be unique among elements of this component. The declaration of each element, which is a valid value that the component can have, defines a category of data sensitivity. By adding new elements to an existing component, the ALTER SECURITY LABEL COMPONENT statement expands the set of values that a component can have within a security policy that includes the component, or within a security label that supports the security policy.
- The sysseclabelcomponentelements table, to add new rows for each new elements of the component,
- The sysseclabelcomponents table, to show the new cardinality of the security elements that comprise the modified security component.
This statement can define new elements of a security label component, but it cannot modify or drop an existing element. If the security design changes so that different elements are required, DBSECADM can add the new elements, if the total number of elements remains within the size and cardinality limits, and not use any obsolete elements in defining labels that include the component.
Alternatively, DBSECADM can use the DROP SECURITY LABEL COMPONENT statement to drop the component, and then use the CREATE SECURITY LABEL COMPONENT statement to redefine a new component that has only the required elements. You cannot, however, drop a security component if it is part of an existing security policy. See DROP SECURITY statement for information about restrictions on dropping security label components and other security objects of HCL OneDB.
The security label component to which new elements are added must be one of three component types. The ARRAY, SET, or TREE keyword that immediately follows the component name must specify the same component type that the CREATE SECURITY LABEL COMPONENT statement specified when the component was originally defined. The syntax for specifying the new list of elements depends on whether the specified component is of type ARRAY, SET, or TREE, which are the three types of security component that HCL OneDB supports.