The ADD ARRAY Clause

A security label component of type ARRAY is an ordered set of no more than 64 elements. The order in which array elements are declared is significant, because it defines a descending order of data sensitivity, with each successive element ranking lower in data sensitivity than the preceding element. The set of label elements of the array and their comma ( , ) separators must be enclosed between a pair of bracket ( [ ... ] ) symbols. The same new element cannot be declared more than once in the same ADD ARRAY clause.

In the ADD ARRAY clause, the BEFORE or AFTER keyword must follow the new element (or a comma-separated list of new elements) to specify the position of the new element within the descending order of data sensitivity. Within restrictions on the size and the number of elements, this syntax enables DBSECADM to insert a new element anywhere in the array, including the highest or the lowest position, or between consecutive existing elements. The ALTER SECURITY LABEL COMPONENT statement fails with an error, however, if the BEFORE or AFTER keyword of the ADD ARRAY clause specifies an array element that was not previously defined, either when the array component was created, or else in a previous ALTER SECURITY LABEL COMPONENT statement that modified the same array component.

If multiple ALTER SECURITY LABEL COMPONENT operations are performed to add elements to the same component of type ARRAY, DBSECADM might not be able to reach the maximum of 64 array elements because of how array elements are encoded. For information on how security elements are encoded, see the HCL OneDB™ Security Guide.

CREATE SECURITY LABEL COMPONENT aquilae  
   ARRAY [ "imperator", "tribunus", "centurio", "miles", "asinus" ];

ALTER SECURITY LABEL COMPONENT aquilae  
   ADD ARRAY [ "legatus" BEFORE "tribunus","cunctator" AFTER "asinus" ];