0

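DB2 allows users to define LBAC security policies. To create the required labels and grants, I followed the steps given here. So far so good. However, retrieving these policies is a headache. Suppose someone defined the policies and kept no record of what they did. It seems very hard to work out what was done by looking at the defined components and labels.

The main problem I am facing is this: the table syscat.securitylabelcomponentelements records the elements of a defined security component, and syscat.securitylabels records the labels created from those component elements. However, I cannot find the mapping between them. It is possible to name a component element X and the corresponding label Y. Where is the mapping stored? That is, how do I know that label Y came from element X?

I cannot find this. Can anyone help me?

Regards,

Salil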

4

1 Answer

1

The db2look utility will extract the DDL for all LBAC components, which makes it easy to determine the structures you are looking for.

$ db2look -d sample -e

-- This CLP file was created using DB2LOOK Version "9.7" 
-- Timestamp: Sat 30 Mar 2013 11:21:34 AM MST
-- Database Name: SAMPLE         
-- Database Manager Version: DB2/LINUXX8664 Version 9.7.5  
-- Database Codepage: 1208
-- Database Collating Sequence is: IDENTITY


CONNECT TO SAMPLE;

-----------------------------------------------------------
-- DDL Statements for Security Label Component "ORG_DIVISIONS"
-----------------------------------------------------------

CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
   TREE ('ORGANIZATION_ADMIN' ROOT,
     'SALES' UNDER 'ORGANIZATION_ADMIN',
     'RESEARCH' UNDER 'ORGANIZATION_ADMIN',
     'MANUFACTURING' UNDER 'ORGANIZATION_ADMIN',
     'MFM1' UNDER 'MANUFACTURING',
     'MF_ENGG1' UNDER 'MFM1',
     'RSM1' UNDER 'RESEARCH',
     'RS_ENGG1' UNDER 'RSM1');

----------------------------------------------------------
-- DDL Statements for Security Policy "ORGANIZATION_POLICY"
----------------------------------------------------------

CREATE SECURITY POLICY "ORGANIZATION_POLICY" 
   COMPONENTS "ORG_DIVISIONS"
   WITH DB2LBACRULES RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;


...
answered 2013-03-30T18:25:44.887
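To audit an LBAC setup from db2look output like the one in the answer above, the extracted DDL can be parsed to recover which component elements each label was built from. The following is an added example, not part of the original answer; the two `CREATE SECURITY LABEL` statements, their label names, and the exact layout db2look gives them are assumptions standing in for the elided part of the output.

```python
import re

# Constructed sample: component and policy DDL copied from the db2look output
# above; the two CREATE SECURITY LABEL statements and label names are assumed.
SAMPLE_DDL = """
-- DDL Statements for Security Label Component "ORG_DIVISIONS"
CREATE SECURITY LABEL COMPONENT "ORG_DIVISIONS"
   TREE ('ORGANIZATION_ADMIN' ROOT,
     'SALES' UNDER 'ORGANIZATION_ADMIN',
     'RESEARCH' UNDER 'ORGANIZATION_ADMIN',
     'MANUFACTURING' UNDER 'ORGANIZATION_ADMIN',
     'MFM1' UNDER 'MANUFACTURING',
     'MF_ENGG1' UNDER 'MFM1',
     'RSM1' UNDER 'RESEARCH',
     'RS_ENGG1' UNDER 'RSM1');
CREATE SECURITY POLICY "ORGANIZATION_POLICY"
   COMPONENTS "ORG_DIVISIONS"
   WITH DB2LBACRULES RESTRICT NOT AUTHORIZED WRITE SECURITY LABEL;
CREATE SECURITY LABEL "ORGANIZATION_POLICY"."LBL_RESEARCH"
   COMPONENT "ORG_DIVISIONS" 'RESEARCH';
CREATE SECURITY LABEL "ORGANIZATION_POLICY"."LBL_MF_ENGG"
   COMPONENT "ORG_DIVISIONS" 'MF_ENGG1';
"""

def statements(ddl):
    """Drop '--' comment lines, split on ';', collapse whitespace."""
    body = "\n".join(l for l in ddl.splitlines() if not l.lstrip().startswith("--"))
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_lbac(ddl):
    """Return ({component: {element: parent}}, {(policy, label): {component: [elements]}})."""
    trees, labels = {}, {}
    for stmt in statements(ddl):
        comp = re.match(r'CREATE SECURITY LABEL COMPONENT "([^"]+)" TREE \((.*)\)$', stmt)
        label = re.match(r'CREATE SECURITY LABEL "([^"]+)"\."([^"]+)" (.*)$', stmt)
        if comp:
            pairs = re.findall(r"'([^']+)' (?:ROOT|UNDER '([^']+)')", comp.group(2))
            trees[comp.group(1)] = {elem: parent or None for elem, parent in pairs}
        elif label:
            parts = re.findall(r"""COMPONENT "([^"]+)" ((?:'[^']+',? ?)+)""", label.group(3))
            labels[label.group(1), label.group(2)] = {c: re.findall(r"'([^']+)'", e) for c, e in parts}
    return trees, labels

def ancestry(trees, component, element):
    """Path from a TREE element up to its ROOT."""
    path = [element]
    while trees[component][path[-1]] is not None:
        path.append(trees[component][path[-1]])
    return path
```

`parse_lbac` handles only TREE components and quoted identifiers as shown in the sample; ARRAY and SET components would need their own patterns.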