
MLS Table SELECT Example


The following diagram shows the results of two users, with differing MLS session labels, performing a SELECT operation on the same table.

 

The first user, Bob, is connected to Trusted RUBIX with an MLS session label of 'Top Secret: A'. The second user, Nancy, is connected to Trusted RUBIX with an MLS session label of 'Confidential: B'. Both users are selecting all rows from the 'MyTab' table.

 

In both cases, the SELECT result set will contain only the rows that the user dominates. Note that two conditions must both hold: the user's clearance component must be higher than the row's sensitivity component, and the user's compartments must include each of the row's compartments. If a user does not dominate a row, the row is simply filtered from the result set (no error value is returned). Thus, the existence of the row is hidden.

 

The MLS filtering of the table rows occurs within the RDBMS Kernel and below the SQL Engine, making it impossible for any SQL operation to return an improper row.
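The domination check and silent row filtering described above can be modeled in a few lines of Python; this is an added illustration, not Trusted RUBIX code or its kernel implementation. The level hierarchy, the comma-separated compartment syntax, the treatment of an equal level as dominating, and the contents of 'MyTab' are assumptions constructed for the example.

```python
# Added illustration: models the domination rule, not Trusted RUBIX's kernel code.
from typing import NamedTuple

# Assumed hierarchy, lowest to highest (the page names only two of these levels).
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]


class Label(NamedTuple):
    level: int                # index into LEVELS
    compartments: frozenset   # e.g. frozenset({"A"})


def parse_label(text: str) -> Label:
    """Parse 'Level: C1, C2' (comma-separated compartments are an assumption)."""
    level_name, _, comps = text.partition(":")
    level_name = level_name.strip()
    if level_name not in LEVELS:
        raise ValueError(f"unknown level: {level_name!r}")
    names = frozenset(c.strip() for c in comps.split(",") if c.strip())
    return Label(LEVELS.index(level_name), names)


def dominates(session: Label, row: Label) -> bool:
    """True only when the level test and the compartment test both pass."""
    # Assumption: an equal level also dominates (usual lattice convention).
    return session.level >= row.level and session.compartments >= row.compartments


def mls_select(session_label: str, table):
    """Return only the rows the session dominates; the rest vanish without error."""
    session = parse_label(session_label)
    return [data for row_label, data in table
            if dominates(session, parse_label(row_label))]


# Constructed sample contents for 'MyTab' (not taken from the page's diagram).
MYTAB = [
    ("Unclassified", "r1"),
    ("Confidential: B", "r2"),
    ("Secret: A", "r3"),
    ("Top Secret: A", "r4"),
    ("Top Secret: A, B", "r5"),
    ("Secret: B", "r6"),
]

if __name__ == "__main__":
    print("Bob  :", mls_select("Top Secret: A", MYTAB))
    print("Nancy:", mls_select("Confidential: B", MYTAB))
```

Bob's higher clearance does not let him see Nancy's 'Confidential: B' row, because he lacks compartment B; neither user can tell from the result set that the filtered rows exist.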

 

MLS Table SELECT Diagram