Home
SQL programmingYou can use the HCL OneDB™ implementation of the SQL language to develop applications for HCL OneDB™ database servers.
Guide to SQL: SyntaxThe HCL OneDB™ Guide to SQL: Syntax describes the syntax of the statements, data types, expressions, operators, and built-in functions of the HCL OneDB™ dialect of the SQL language.
SQL statementsThis chapter describes the syntax and semantics of SQL statements that are recognized by HCL OneDB™.
REVOKE statementUse the REVOKE statement to cancel access privileges or roles that are held by users, by roles, or by PUBLIC, or to cancel user security labels or exemptions from the rules of security policies.
Security Administration Options
SECURITY LABEL Clause
Examples of Revoking User Security Labels

Examples of Revoking User Security Labels

The following three statements create three security label components called level, compartments, and groups respectively:

CREATE SECURITY LABEL COMPONENT 
   level ARRAY ['TS','S','C','U'];  

CREATE SECURITY LABEL COMPONENT
   compartments SET {'A','B','C','D'}; 

CREATE SECURITY LABEL COMPONENT
   groups TREE ('G1' ROOT, 
                'G2' UNDER ROOT, 
                'G3' UNDER ROOT);

The following statement creates a security policy called secPolicy based on the three components above:

CREATE SECURITY POLICY secPolicy COMPONENTS 
   level, compartments, groups;

The following statement creates a security label called secLabel1:

CREATE SECURITY LABEL secPolicy.secLabel1 
   COMPONENT level 'S', 
   COMPONENT compartments 'A', 'B', 
   COMPONENT groups 'G2';

The following statement grants this security label for read access to user sam:

 GRANT SECURITY LABEL secPolicy.secLabel1 
   TO sam FOR READ ACCESS;

The following statement revokes the security label for read access from user sam.

 REVOKE SECURITY LABEL secPolicy.secLabel1 
   FROM sam FOR READ ACCESS;

When the REVOKE SECURITY LABEL statement successfully cancels a security label that was held by a user, the database server updates the sysseclabelauth table of the system catalog to remove the user from the list of those who hold that security label.