DB2 allows user-defined LBAC security policies. For creating the required labels and authorizations, I followed the steps provided here. So far so good. However, retrieving these policies is a big headache. Suppose someone defined these policies and did not keep a backup of their activities. By looking at the defined components and labels, it seems to be quite hard to figure out what was done.
The main problem I am facing is this: table syscat.securitylabelcomponentelements keeps a record of the elements of the security components which one defined. syscat.securitylabels records the labels created from these component elements. I am unable to find the mapping though. It is possible that one named a component element as X, and named the corresponding label as Y. Where is the mapping stored? That is, how do I know that label Y is coming from element X?
I could not find this. Can someone please help me out here?
Regards,
Salil
The db2look utility will extract the DDL for all of the LBAC components, which should make it pretty easy to determine the structure you are looking for.
$ db2look -d sample -e
-- This CLP file was created using DB2LOOK Version "9.7"
-- Timestamp: Sat 30 Mar 2013 11:21:34 AM MST
-- Database Name: SAMPLE
-- Database Manager Version: DB2/LINUXX8664 Version 9.7.5
-- Database Codepage: 1208
-- Database Collating Sequence is: IDENTITY
CONNECT TO SAMPLE;
-----------------------------------------------------------
-- DDL Statements for Security Label Component "ORG_DIVISIONS"
-----------------------------------------------------------
CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
TREE ('ORGANIZATION_ADMIN' ROOT,
'SALES' UNDER 'ORGANIZATION_ADMIN',
'RESEARCH' UNDER 'ORGANIZATION_ADMIN',
'MANUFACTURING' UNDER 'ORGANIZATION_ADMIN',
'MFM1' UNDER 'MANUFACTURING',
'MF_ENGG1' UNDER 'MFM1',
'RSM1' UNDER 'RESEARCH',
'RS_ENGG1' UNDER 'RSM1');
----------------------------------------------------------
-- DDL Statements for Security Policy "ORGANIZATION_POLICY"
----------------------------------------------------------
CREATE SECURITY POLICY "ORGANIZATION_POLICY"
COMPONENTS "ORG_DIVISIONS"
WITH DB2LBACRULES RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;
...
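Added example, not part of the original answer: a small Python parser that reads db2look DDL and rebuilds the label-to-element mapping the question asks about. The sample input is constructed; the label names TOP_LABEL and FIELD_LABEL are hypothetical, and it is assumed that db2look emits CREATE SECURITY LABEL statements with double-quoted identifiers in the same style as the component DDL above.

```python
import re

# Constructed sample in the style of `db2look -e` output. The policy, component
# and element names come from the answer above; the label names are hypothetical.
SAMPLE_DDL = '''
CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
 TREE ('ORGANIZATION_ADMIN' ROOT,
 'SALES' UNDER 'ORGANIZATION_ADMIN',
 'RESEARCH' UNDER 'ORGANIZATION_ADMIN');

CREATE SECURITY LABEL "ORGANIZATION_POLICY"."TOP_LABEL"
 COMPONENT "ORG_DIVISIONS" 'ORGANIZATION_ADMIN';

CREATE SECURITY LABEL "ORGANIZATION_POLICY"."FIELD_LABEL"
 COMPONENT "ORG_DIVISIONS" 'SALES', 'RESEARCH';
'''

# "policy"."label" followed by the statement body up to the terminating ';'.
# CREATE SECURITY LABEL COMPONENT statements do not match: no quoted name
# follows LABEL there.
STMT_RE = re.compile(
    r'CREATE\s+SECURITY\s+LABEL\s+"([^"]+)"\s*\.\s*"([^"]+)"(.*?);',
    re.IGNORECASE | re.DOTALL)
# One COMPONENT clause: component name, then its comma-separated elements.
COMP_RE = re.compile(r'COMPONENT\s+"([^"]+)"((?:\s*,?\s*\'[^\']*\')+)',
                     re.IGNORECASE)
ELEM_RE = re.compile(r"'([^']*)'")


def label_elements(ddl):
    """Return {(policy, label): {component: [elements]}} from db2look DDL."""
    mapping = {}
    for policy, label, body in STMT_RE.findall(ddl):
        mapping[(policy, label)] = {
            comp: ELEM_RE.findall(elems)
            for comp, elems in COMP_RE.findall(body)
        }
    return mapping


def labels_using(mapping, component, element):
    """Reverse lookup: which labels were built from a given element?"""
    return sorted(label for (_, label), comps in mapping.items()
                  if element in comps.get(component, []))


if __name__ == "__main__":
    m = label_elements(SAMPLE_DDL)
    for (policy, label), comps in m.items():
        print(policy, label, comps)
    print(labels_using(m, "ORG_DIVISIONS", "SALES"))
```

To run it against a real database, save the `db2look -d sample -e` output to a file and pass its contents to `label_elements`.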