This example creates a simple constraint definition and its associated UDF to implement a simple No Read Up security policy using sensitivity labels.
The name of the single-level hierarchical classification constraint is ReadClassification.
The CREATE FUNCTION statement defines parameters UserClearance and RowClassification to handle the data for the constraint. The input to UserClearance is data about the classification level for the user who wants to read the row. The input to RowClassification is data about the classification level for the row to read. Because the parameters are for a single-level hierarchical classification constraint, the data type is SMALLINT.
CREATE FUNCTION SYSLIB.ReadClassification ( UserClearance SMALLINT, RowClassification SMALLINT) RETURNS CHARACTER(1) SPECIFIC SYSLIB.ReadClassification LANGUAGE C DETERMINISTIC NO SQL EXTERNAL NAME ‘cs!ReadClassification!c:\udf_ReadClassification.c’ PARAMETER STYLE TD_GENERAL;
The C code for ReadClassification is as follows.
The external function compares the values for UserClearance and RowClassification. If the value for UserClearance is greater than or equal to the value for RowClassification, SELECT access to the requested row is granted. If the value for UserClearance is less than the value for RowClassification, SELECT access to the requested row is not granted.
#define SQL_TEXT Latin_Text
#include <sys/types.h>
#include “sqltypes_td.h”
void ReadClassification(short int *UserClearance,
short int *RowClassification,
char *AccessAllowed,
{
//Enforce no read up policy - user clearance must dominate row classification
if (*UserClearance >= *RowClassification)
// SELECT is allowed
*AccessAllowed = ‘T’;
else
// SELECT is not allowed
*AccessAllowed = ‘F’;
return;
}