TREE Components

A security label component of type TREE has the logical topology of a hierarchy (that is, a simple graph with no loops) that has a single root node and no more than 63 additional nodes. The string constant for the root node must be listed first and must be followed by the ROOT keyword. The string constant for each subsequently declared node must be followed by the keyword UNDER and by the string constant for some previously declared node. The set of elements of the TREE component, including their ROOT and UNDER keywords and comma separators, must be enclosed between a pair of parentheses, ( ... ).

The label element specified after the UNDER keyword is called the parent of the label element that precedes the same UNDER keyword (which is called the child of that parent element). The CREATE SECURITY LABEL COMPONENT statement fails with an error if a node name that follows the UNDER keyword has not already been declared in the same statement.

The string constant that designates the root node of a tree component has the highest data sensitivity. For a user to read or write protected data, each tree component of the user security label must include at least one of the elements in the tree component of the data row security label, or an ancestor of one such element. For example, if "Beta" is declared UNDER "Alpha" and "Gamma" is declared UNDER "Beta", then "Gamma" also ranks below "Alpha" in data sensitivity. Only elements that are in the same chain of parent-child relationships can be compared in their data sensitivity.

The next example defines a security label component called Oakland as a tree structure with six nodes:

CREATE SECURITY LABEL COMPONENT Oakland
   TREE ( 'Port' ROOT,
          'Downtown' UNDER 'Port',
          'Airport' UNDER 'Port',
          'Estuary' UNDER 'Airport',
          'Avenues' UNDER 'Downtown',
          'Hills' UNDER 'Avenues');

Here the root node is Port, which has the highest data sensitivity. Within this hierarchy, the Downtown, Avenues, and Hills elements represent descending levels of data sensitivity, and the Airport element has a higher data sensitivity than the Estuary element. In this example, the four component elements that the UNDER keyword designates as parent nodes are each declared before being included in UNDER specifications. A modified version of this example would also be valid if the Avenues node declaration preceded the Airport node declaration, but an error would result if the Hills node declaration had preceded the Avenues node declaration.
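
The declaration-order rule and the read/write comparison described above can be modeled outside the database to check a planned hierarchy before creating it. The following Python sketch is an added illustration, not Informix code; the function names and the uniqueness check on element names are assumptions made for the example.

```python
# Added illustration: models the TREE rules in the text; it is not Informix code.
MAX_NODES = 64  # one root node plus no more than 63 additional nodes

def build_tree(decls):
    """decls: ordered (element, parent) pairs; parent is None for the ROOT entry.
    Returns {element: parent}; raises ValueError where the statement would fail."""
    if not decls or decls[0][1] is not None:
        raise ValueError("the root node must be listed first, with ROOT")
    if len(decls) > MAX_NODES:
        raise ValueError("more than 63 nodes besides the root")
    parents = {}
    for element, parent in decls:
        if element in parents:  # assumption: element names are unique
            raise ValueError(f"{element!r} declared twice")
        if parent is None and parents:
            raise ValueError("only one ROOT node is allowed")
        if parent is not None and parent not in parents:
            raise ValueError(f"{parent!r} follows UNDER before it is declared")
        parents[element] = parent
    return parents

def self_and_ancestors(parents, element):
    """The element plus every node on its chain up to the root."""
    chain = set()
    while element is not None:
        chain.add(element)
        element = parents[element]
    return chain

def tree_access_allowed(parents, user_elements, row_elements):
    """True if the user label holds a row element or an ancestor of one."""
    held = set(user_elements)
    return any(self_and_ancestors(parents, e) & held for e in row_elements)

# The Oakland component from the example above, in declaration order.
OAKLAND = [("Port", None), ("Downtown", "Port"), ("Airport", "Port"),
           ("Estuary", "Airport"), ("Avenues", "Downtown"), ("Hills", "Avenues")]

if __name__ == "__main__":
    tree = build_tree(OAKLAND)
    for user, row in [({"Downtown"}, {"Hills"}), ({"Hills"}, {"Downtown"}),
                      ({"Airport"}, {"Hills"}), ({"Airport"}, {"Hills", "Estuary"})]:
        print(sorted(user), sorted(row), tree_access_allowed(tree, user, row))
```

A user label holding Airport is denied a row labeled Hills because the two elements are on different parent-child chains, even though both sit under Port.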

A component of type TREE can be appropriate in contexts where some dimension of a multidimensional security policy can be mapped to a single logical hierarchy, or to a group of hierarchies that share a common root.