Access-management strategies
HCL OneDB™ supports
two access-management systems:
- Label-Based Access Control (LBAC)
- Label-Based Access Control is an implementation of Mandatory Access Control, which is typically used in databases that store highly sensitive data, such as systems maintained by armed forces or security services. The primary documentation of features relating to LBAC is the HCL OneDB Security Guide. HCL OneDB Guide to SQL: Syntax describes how LBAC security objects are created and maintained by the Database Security Administrator (DBSECADM). Only the Database Server Administrator (DBSA) can grant the DBSECADM role.
- Discretionary Access Control (DAC)
- Discretionary Access Control is a simpler system that involves less overhead than LBAC. Based on access privileges and roles, DAC is enabled in all HCL OneDB databases, including those that implement LBAC.