Examples of Revoking User Security Labels
The following three statements create three security label
components called level, compartments, and groups respectively:
CREATE SECURITY LABEL COMPONENT
level ARRAY ['TS','S','C','U'];
CREATE SECURITY LABEL COMPONENT
compartments SET {'A','B','C','D'};
CREATE SECURITY LABEL COMPONENT
groups TREE ('G1' ROOT,
'G2' UNDER ROOT,
'G3' UNDER ROOT);
The following statement creates a security policy called secPolicy based
on the three components above:
CREATE SECURITY POLICY secPolicy COMPONENTS
level, compartments, groups;
The following statement creates a security label called secLabel1:
CREATE SECURITY LABEL secPolicy.secLabel1
COMPONENT level 'S',
COMPONENT compartments 'A', 'B',
COMPONENT groups 'G2';
The following statement grants this security label for
read access to user sam:
GRANT SECURITY LABEL secPolicy.secLabel1
TO sam FOR READ ACCESS;
The following statement revokes the security label for
read access from user sam:
REVOKE SECURITY LABEL secPolicy.secLabel1
FROM sam FOR READ ACCESS;
When the REVOKE SECURITY LABEL statement successfully cancels a security label that was held by a user, the database server updates the sysseclabelauth table of the system catalog to remove the user from the list of those who hold that security label.
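To confirm that the revocation took effect, query the catalog for the labels that sam still holds under secPolicy. The query below is an added example, not part of the original documentation. It assumes that sysseclabelauth has the columns grantee, secpolicyid, readseclabelid and writeseclabelid, that the companion catalog tables syssecpolicies and sysseclabels exist with the columns shown, and that unquoted identifiers are stored in lowercase. Check these names against your server's catalog reference.

```sql
-- Added example: list the security labels user sam still holds under secPolicy.
-- Table and column names other than sysseclabelauth are assumptions (see lead-in).
SELECT a.grantee,
       p.secpolicyname,
       r.seclabelname AS read_label,   -- label held for read access, if any
       w.seclabelname AS write_label   -- label held for write access, if any
FROM sysseclabelauth a
JOIN syssecpolicies p
  ON p.secpolicyid = a.secpolicyid
LEFT OUTER JOIN sysseclabels r
  ON r.secpolicyid = a.secpolicyid
 AND r.seclabelid  = a.readseclabelid
LEFT OUTER JOIN sysseclabels w
  ON w.secpolicyid = a.secpolicyid
 AND w.seclabelid  = a.writeseclabelid
WHERE a.grantee = 'sam'
  AND LOWER(p.secpolicyname) = 'secpolicy';
```

After the REVOKE statement above succeeds, no row returned by this query should show secLabel1 as the read label for sam. Running the same query before and after the revocation gives an audit record of the change.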