You can create a constraint object using the CREATE CONSTRAINT statement, for example:
CREATE CONSTRAINT name data_type, [NULL|NOT NULL], VALUES value_name:integer_code ...[, value_name:integer_code], Insert SYSLIB.insert_udf_name , Update SYSLIB.update_udf_name , Delete SYSLIB.delete_udf_name , Select SYSLIB.select_udf_name ;
where:
| Syntax Element | Description |
|---|---|
| name | The constraint name must be unique and must correspond to a classification category, for example, Classification_Level for the Security Classification category. |
| data_type | Defines how a label value from a defined name:value pair is encoded in corresponding constraint columns. Allowable types are:
See Security Classification Types and Required CONSTRAINT Object Settings. |
| [NULL|NOT NULL] | Specifies whether a constraint column value can be null. The default is NULL if the option is not specified. For example, security policies that require a row value to have no classification before it can be deleted must specify the NULL option. |
|
A series of name:value pairs that define either:
|
|
Specifies up to 4 security constraint UDFs, with no more than 1 of each type. Each entry specifies an SQL operation and the name of the UDF that controls the operation. If a UDF is not specified for an SQL operation, only users with the corresponding OVERRIDE privilege can execute the operation. A UDF must exist in the system before you can specify it in a CONSTRAINT object.
|