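DB2 allows user-defined LBAC security policies. To create the required labels and grants, I followed the steps provided here. So far so good. However, retrieving these policies is a headache. Suppose someone defined these policies and did not keep a backup of what they did. By looking at the defined components and labels, it seems hard to figure out what was done.
The main problem I face is this: the table syscat.securitylabelcomponentelements records the elements of the security components that one defines, and syscat.securitylabels records the labels created from these component elements. I cannot find the mapping. It is possible to name a component element X and the corresponding label Y. Where is the mapping stored? That is, how do I know that label Y came from element X?
I could not find this. Can someone help me?
Regards,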
萨里尔
Answer 0 (score: 1)
The db2look utility will extract the DDL for all LBAC components, which makes it easy to determine the structure you are looking for.
$ db2look -d sample -e
-- This CLP file was created using DB2LOOK Version "9.7"
-- Timestamp: Sat 30 Mar 2013 11:21:34 AM MST
-- Database Name: SAMPLE
-- Database Manager Version: DB2/LINUXX8664 Version 9.7.5
-- Database Codepage: 1208
-- Database Collating Sequence is: IDENTITY
CONNECT TO SAMPLE;
-----------------------------------------------------------
-- DDL Statements for Security Label Component "ORG_DIVISIONS"
-----------------------------------------------------------
CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
TREE ('ORGANIZATION_ADMIN' ROOT,
'SALES' UNDER 'ORGANIZATION_ADMIN',
'RESEARCH' UNDER 'ORGANIZATION_ADMIN',
'MANUFACTURING' UNDER 'ORGANIZATION_ADMIN',
'MFM1' UNDER 'MANUFACTURING',
'MF_ENGG1' UNDER 'MFM1',
'RSM1' UNDER 'RESEARCH',
'RS_ENGG1' UNDER 'RSM1');
----------------------------------------------------------
-- DDL Statements for Security Policy "ORGANIZATION_POLICY"
----------------------------------------------------------
CREATE SECURITY POLICY "ORGANIZATION_POLICY"
COMPONENTS "ORG_DIVISIONS"
WITH DB2LBACRULES RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;
...
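The following is an added example, not part of the answer above: a small parser that recovers the label-to-element mapping the question asks about from db2look-style DDL. The output above is cut off before any label DDL, so the CREATE SECURITY LABEL statement in the sample and the label name "Y" are constructed, and the parser assumes identifiers are double-quoted as in the output above.

```python
import re

# Constructed sample in the style of the db2look output above. The
# CREATE SECURITY LABEL statement and the label name "Y" are assumptions:
# the page's output is truncated before any label DDL appears.
SAMPLE_DDL = '''
-- DDL Statements for Security Label Component "ORG_DIVISIONS"
CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
 TREE ('ORGANIZATION_ADMIN' ROOT,
 'SALES' UNDER 'ORGANIZATION_ADMIN',
 'RESEARCH' UNDER 'ORGANIZATION_ADMIN',
 'RSM1' UNDER 'RESEARCH');
CREATE SECURITY POLICY "ORGANIZATION_POLICY"
 COMPONENTS "ORG_DIVISIONS"
 WITH DB2LBACRULES RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;
CREATE SECURITY LABEL "ORGANIZATION_POLICY"."Y"
 COMPONENT "ORG_DIVISIONS" 'RSM1';
'''

def statements(ddl):
    """Drop '--' comment lines, split on ';', and collapse whitespace."""
    body = "\n".join(l for l in ddl.splitlines() if not l.lstrip().startswith("--"))
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_lbac(ddl):
    """Return (trees, labels) for TREE components and security labels."""
    trees, labels = {}, {}
    for stmt in statements(ddl):
        m = re.match(r'CREATE SECURITY LABEL COMPONENT "([^"]+)" TREE \((.*)\)$', stmt)
        if m:
            # element -> parent element (None for the ROOT element)
            trees[m.group(1)] = {
                e: p or None
                for e, p in re.findall(r"'([^']+)' (?:ROOT|UNDER '([^']+)')", m.group(2))
            }
            continue
        m = re.match(r'CREATE SECURITY LABEL "([^"]+)"\."([^"]+)" (.*)$', stmt)
        if m:
            # (policy, label) -> {component: [elements the label was built from]}
            labels[(m.group(1), m.group(2))] = {
                comp: re.findall(r"'([^']+)'", elems)
                for comp, elems in re.findall(
                    r'''COMPONENT "([^"]+)" ((?:'[^']+'(?:\s*,\s*)?)+)''', m.group(3))
            }
    return trees, labels

def ancestry(tree, element):
    """Path from a TREE element up to its ROOT."""
    path = [element]
    while tree.get(path[-1]):
        path.append(tree[path[-1]])
    return path
```

Running `parse_lbac` on saved db2look output gives, for each label, the component elements it was created from, and `ancestry` shows where each element sits in its component tree.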