The IDSSECURITYLABEL type stores a security label in a table that is protected by a label-based access control (LBAC) security policy.

Only a user who holds the DBSECADM role can create, alter, or drop a column of this data type. IDSSECURITYLABEL is a built-in DISTINCT OF VARCHAR(128) data type, but because its use is restricted to databases that implement label-based access control, it is not classified as a character data type. A table that is protected by a security policy can have only one IDSSECURITYLABEL column. A table that is not associated with any label-based security policy cannot include an IDSSECURITYLABEL column. You cannot encrypt the security label in a column of type IDSSECURITYLABEL.

For a discussion of security policies, security components, security labels, and other concepts of label-based access control (LBAC), see the HCL OneDB™ Security Guide.