Security Label Support Functions
The security label support functions enable users to manipulate security labels. A security label can be referenced in three different ways:
- A name, as declared in the CREATE SECURITY LABEL or RENAME SECURITY LABEL statement.
- A list of values for each component of the security policy of the security label.
- An internal encoded value that the IDSSECURITYLABEL data type stores.
Security Label Support Function
| Element | Description | Restrictions | Syntax |
|---|---|---|---|
| column | A column of type IDSSECURITYLABEL | Must exist and must store a label of the policy | Identifier |
| component | Value of a component of the policy | Must exist and must be a component of the policy | Quoted String |
| element | Value of an element within a list of values of the component | Must exist and must be elements of a single component of the policy | Quoted String |
| label | Identifier of the security label whose value the function returns | Must exist and must be a label of the policy | Quoted String |
| policy | The security policy supported by the security label whose value the function returns | Must exist and must be the security policy that secures the table | Quoted String |
These functions return a security label of the specified
security policy. They can be used within DML statements that
reference a protected database table, but they can also evaluate to
a security label in other calling contexts. Each of these functions
requires a different argument list:
- SECLABEL_TO_CHAR requires the security policy name and an expression that returns a IDSSECURITYLABEL object, such as the name of a column of that data type.
- SECLABEL_BY_COMP requires the security policy name and the values of the individual components of the security label.
- SECLABEL_BY_NAME requires the names of the security policy and of the security label.