Updated on 2024-08-20 GMT+08:00

CREATE SECURITY LABEL

Description

CREATE SECURITY LABEL creates a security label for the specified security policy in the current database.

Precautions

An initial user, a user with the SYSADMIN permission, or a user who inherits permissions of the built-in role gs_role_seclabel can create security labels.

Syntax

CREATE SECURITY LABEL label_name 'label_content';

Parameters

  • label_name

    Security label name, which must be unique in the database.

    Value range: a string of a maximum of 63 characters. Only lowercase letters (a to z), uppercase letters (A to Z), digits, underscores (_), and dollar signs ($) are allowed. If the length exceeds 63 characters, the database retains only the first 63 characters as the security label name.

  • label_content

    Security label content. The requirements are as follows:

    A security label consists of only one level and at least one range, which are separated by a colon (:). The format is "level:range", for example, "L1:G2,G41,G6-G27".
    • There are 1024 levels named Li, where 1 ≤ i ≤ 1024. The levels meet a partial order relationship (if i ≤ j, then Li ≤ Lj). For example, L1 is lower than L3.
    • There are 1024 ranges named Gi, where 1 ≤ i ≤ 1024. You cannot compare sizes between ranges, but you can perform set operations. Multiple ranges are separated by commas (,), and a hyphen (-) is used to specify the interval. For example, {G2-G5} indicates {G2,G3,G4,G5}. {G1} is a subset of {G1, G6}.
    • The letters L and G must be capitalized and followed by at least one non-zero digit. Other characters are not allowed. In the {Gxxx-Gyyy} format, yyy must be greater than or equal to xxx.
    • If the input levels and ranges do not meet the requirements, the system reports an error.
      Example:
      gaussdb=# CREATE SECURITY LABEL sec_label3 'L3:'; -- The label must contain at least one range.
      ERROR:  in label text "L3:", there at least have one level and one group
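
A client-side pre-check for the label_name and label_content rules above, written in Python as an added example (it is not GaussDB code). It assumes that level and range indexes carry no leading zeros, which is a strict reading of the digit rule, and the function names are hypothetical.

```python
import re

MAX_INDEX = 1024     # the page defines L1..L1024 and G1..G1024
MAX_NAME_LEN = 63    # longer label names are cut to their first 63 characters

NAME_RE = re.compile(r"[A-Za-z0-9_$]+")
# Assumption: no leading zeros in an index ("L01" is rejected here).
LEVEL_RE = re.compile(r"L([1-9][0-9]*)")
RANGE_RE = re.compile(r"G([1-9][0-9]*)(?:-G([1-9][0-9]*))?")


def effective_name(label_name):
    """Return the name the database would keep for label_name."""
    if not NAME_RE.fullmatch(label_name):
        raise ValueError(f"illegal character in label name {label_name!r}")
    return label_name[:MAX_NAME_LEN]


def parse_label_content(text):
    """Parse 'level:range' into (level, frozenset of range indexes)."""
    level_part, sep, range_part = text.partition(":")
    level_match = LEVEL_RE.fullmatch(level_part)
    if not sep or not level_match or not range_part:
        raise ValueError(f"{text!r}: need one level and at least one range")
    level = int(level_match.group(1))
    if level > MAX_INDEX:
        raise ValueError(f"{text!r}: level above L{MAX_INDEX}")
    groups = set()
    for item in range_part.split(","):
        m = RANGE_RE.fullmatch(item)
        if not m:
            raise ValueError(f"{text!r}: bad range item {item!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)   # a single Gi is the interval Gi-Gi
        if high < low or high > MAX_INDEX:
            raise ValueError(f"{text!r}: bad interval {item!r}")
        groups.update(range(low, high + 1))
    return level, frozenset(groups)


if __name__ == "__main__":
    # Label strings taken from this page, plus two constructed long names.
    for content in ("L1:G2,G41,G6-G27", "L3:G1-G5", "L3:"):
        try:
            level, groups = parse_label_content(content)
            print(content, "-> level", level, "ranges", sorted(groups))
        except ValueError as exc:
            print("rejected:", exc)
    a, b = "x" * 63 + "_prod", "x" * 63 + "_test"
    print("names collide after truncation:", effective_name(a) == effective_name(b))
```

Two distinct names that share their first 63 characters map to the same stored name, so a check like `effective_name` is worth running before a batch of CREATE SECURITY LABEL statements.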

Examples

-- Create a security label sec_label.
gaussdb=# CREATE SECURITY LABEL sec_label 'L1:G4';

-- Try to create sec_label again with the content of 'L1:G2,G4'. The name is already in use, so the statement fails.
gaussdb=# CREATE SECURITY LABEL sec_label 'L1:G2,G4';
ERROR:  security label "sec_label" already exists

-- Create security label sec_label1 with the content of 'L1:G2,G4'.
gaussdb=# CREATE SECURITY LABEL sec_label1 'L1:G2,G4';

-- Create security label sec_label2 with the content of 'L3:G1-G5'.
gaussdb=# CREATE SECURITY LABEL sec_label2 'L3:G1-G5';

-- View the security labels created in the system.
gaussdb=# SELECT * FROM gs_security_label;
 label_name | label_content 
------------+---------------
 sec_label  | L1:G4
 sec_label1 | L1:G2,G4
 sec_label2 | L3:G1-G5
(3 rows)

-- Delete the existing security labels sec_label, sec_label1, and sec_label2.
gaussdb=# DROP SECURITY LABEL sec_label;
gaussdb=# DROP SECURITY LABEL sec_label1;
gaussdb=# DROP SECURITY LABEL sec_label2;

-- View the security labels created in the system again.
gaussdb=# SELECT * FROM gs_security_label;
 label_name | label_content 
------------+---------------
(0 rows)