You must set up a system of labels for each security classification category you want to use in defining user access levels and row access requirements.
A security classification system consists of:
- The name of the classification
- The valid labels for use in classification, where each label is a name:value pair
The labels within a classification system may represent a value hierarchy, or they may be a series of compartments with no hierarchical relationship, for example:
- Security clearance (hierarchical): Top Secret, Secret, Classified, Unclassified
- User function (non-hierarchical): Administrator, Programmer, Batch User, End User
- Division/location (non-hierarchical): Canada, China, France, Germany, United States
Each classification system is the basis for:
- A security CONSTRAINT object, which defines a set of applicable access restrictions
- A security constraint column, which apply the restrictions defined in the corresponding CONSTRAINT object to each table in which the column appears