Which statement about label-based access control (LBAC) is TRUE?
Which statement about label-based access control (LBAC) is TRUE?
LBAC cannot be used to restrict access to a staging table. LBAC is used to label data and control access based on those labels and specific security policies. However, it has limitations and cannot be applied to certain types of tables, including staging tables.
LBAC cannot be used to protect any of the following types of tables: A staging table A table that a staging table depends on A typed table https://www.ibm.com/docs/en/db2/11.1?topic=security-label-based-access-control-lbac
Remarks : What LBAC does not do : 1/ LBAC will never allow access to data that is forbidden by discretionary access control. Example If you do not have permission to read from a table then you will not be allowed to read data from that table--even the rows and columns to which LBAC would otherwise allow you access. 2/ Your LBAC credentials only limit your access to protected data. They have no effect on your access to unprotected data. 3/ LBAC credentials are not checked when you drop a table or a database, even if the table or database contains protected data. 4/ LBAC credentials are not checked when you back up your data. If you can run a backup on a table, which rows are backed up is not limited in any way by the LBAC protection on the data. Also, data on the backup media is not protected by LBAC. Only data in the database is protected. 5/ LBAC cannot be used to protect any of the following types of tables: 5.1- A staging table 5.2- A table that a staging table depends on 5.3- A typed table 6/ LBAC protection cannot be applied to a nickname.
The correct answer is "B. LBAC cannot be used to restrict access to a staging table " The DB2SECURITYLABEL column is only mandatory to protect row. Reference : https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.admin.sec.doc/doc/c0021114.html