Technical Blog Post
Abstract
DB2 LUW: How to check if LBAC is enabled for my database?
Body
Label-based access control (LBAC) can be used to protect rows of data, columns of data, or both. Data in a table can only be protected by security labels that are part of the security policy protecting the table. Data protection, including adding a security policy, can be done when creating the table or later by altering the table.
To check if LBAC is enabled for your database, you can firstly check if you have any security policy defined in the database:
db2 "select count(*) from SYSCAT.SECURITYPOLICIES"
If there isn't any security policy defined in the database, then LBAC is not enabled for the tables of this database.
If above query return none zero value, means you have one or more security policy definitions in the database. Then you can use below query to check if LBAC is used to protect rows of data:
db2 "SELECT SUBSTR(TABSCHEMA,1,30) TABSCHEMA,
SUBSTR(TABNAME,1,30) TABNAME,
A.SECPOLICYID,
SUBSTR(B.SECPOLICYNAME,1,20) SECPOLICYNAME
FROM SYSCAT.TABLES A INNER JOIN SYSCAT.SECURITYPOLICIES B
ON A.SECPOLICYID=B.SECPOLICYID"
The above query lists the schema & name of table(s) that is/are protected by LBAC.
Additionally you can use below query to check if there is any column protected by LBAC:
db2 "SELECT SUBSTR(TABSCHEMA,1,30) TABSCHEMA,
SUBSTR(TABNAME,1,30) TABNAME,
SUBSTR(COLNAME,1,30) COLNAME,
SUBSTR(SECLABELNAME, 1, 20) SECLABELNAME
FROM SYSCAT.COLUMNS
WHERE SECLABELNAME<>''"
Hope above helps you!
UID
ibm13286623