SECURITY LABEL ON

Description

Applies, updates, or cancels a security label.

Precautions

An initial user, a user with the SYSADMIN permission, or a user who inherits the permissions of the built-in role gs_role_seclabel can update or cancel security labels.

Syntax

    
         SECURITY LABEL ON { ROLE | USER | TABLE | COLUMN } objname IS {'label_name' | NULL};

Click to enlarge

Parameters

objname
- For ROLE and USER, objname indicates the user/role name.
- For TABLE, objname indicates the table name, which can be prefixed with a schema name.
- For COLUMN, objname indicates the name in the format of "table name.column name", which can be prefixed with a schema name.
label_name
Specifies the security label name.
NULL
Specifies that the security label is canceled.

Examples

    
         -- Create a security label.
gaussdb=# CREATE SECURITY LABEL sec_label 'L1:G4';

-- Create a table.
gaussdb=# CREATE TABLE tbl(c1 int, c2 int);

-- Create a user.
gaussdb=# CREATE USER bob WITH PASSWORD '********';

-- Apply a security label to the user.
gaussdb=# SECURITY LABEL ON ROLE bob IS 'sec_label';

-- Apply a security label to the table.
gaussdb=# SECURITY LABEL ON TABLE tbl IS 'sec_label';

-- Apply a security label to a column of the table.
gaussdb=# SECURITY LABEL ON COLUMN tbl.c1 IS 'sec_label';

-- Cancel the security label of the user.
gaussdb=# SECURITY LABEL ON ROLE bob IS NULL;

-- Cancel the security label of the table.
gaussdb=# SECURITY LABEL ON TABLE tbl IS NULL;

-- Cancel the security label of the column of the table.
gaussdb=# SECURITY LABEL ON COLUMN tbl.c1 IS NULL;

-- Delete table tb1.
gaussdb=# DROP TABLE tbl;

-- Delete user bob.
gaussdb=# DROP USER bob;

-- Delete the existing security label sec_label.
gaussdb=# DROP SECURITY LABEL sec_label;