mirror of
https://github.com/DS4SD/docling.git
synced 2025-12-10 05:38:17 +00:00
add modified test results
Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>
@@ -8,49 +8,50 @@ Front cover
## Contents
| Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . vii |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|
| Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | viii |
| DB2 for i Center of Excellence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . ix |
| Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . xi |
| Authors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . xi |
| Now you can become a published author, too! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | xiii |
| Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | xiii |
| Stay connected to IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | xiv |
| Chapter 1. Securing and protecting IBM DB2 data . . . . . . . . . . . . . . . . . . . . . . . | . 1 |
| 1.1 Security fundamentals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 2 |
| 1.2 Current state of IBM i security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 2 |
| 1.3 DB2 for i security controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 3 |
| 1.3.1 Existing row and column control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 4 |
| 1.3.2 New controls: Row and Column Access Control. . . . . . . . . . . . . . . . . . . . . | . 5 |
| Chapter 2. Roles and separation of duties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 7 |
| 2.1 Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | . 8 |
| 2.1.1 DDM and DRDA application server access: QIBM_DB_DDMDRDA . . . . . | . 8 |
| 2.1.2 Toolbox application server access: QIBM_DB_ZDA. . . . . . . . . . . . . . . . . . | . 8 |
| 2.1.3 Database Administrator function: QIBM_DB_SQLADM . . . . . . . . . . . . . . . | . 9 |
| 2.1.4 Database Information function: QIBM_DB_SYSMON . . . . . . . . . . . . . . . . | . 9 |
| 2.1.5 Security Administrator function: QIBM_DB_SECADM . . . . . . . . . . . . . . . . | . 9 |
| 2.1.6 Change Function Usage CL command. . . . . . . . . . . . . . . . . . . . . . . . . . . . | 10 |
| 2.1.7 Verifying function usage IDs for RCAC with the FUNCTION_USAGE view | 10 |
| 2.2 Separation of duties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 10 |
| Chapter 3. Row and Column Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 13 |
| 3.1 Explanation of RCAC and the concept of access control . . . . . . . . . . . . . . . . . . | 14 |
| 3.1.1 Row permission and column mask definitions . . . . . . . . . . . . . . . . . . . . . . 3.1.2 Enabling and activating RCAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 14 |
| 3.2 Special registers and built-in global variables . . . . . . . . . . . . . . . . . . . . . . . . . . . | 16 18 |
| 3.2.1 Special registers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 18 |
| 3.2.2 Built-in global variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 19 |
| 3.3 VERIFY_GROUP_FOR_USER function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 20 |
| 3.4 Establishing and controlling accessibility by using the RCAC rule text. . . . . . . . | 21 |
| 3.5 SELECT, INSERT, and UPDATE behavior with RCAC . . . . . . . . . . . . . . . . . . . | 22 |
| Human resources example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 22 |
| 3.6 3.6.1 Assigning the QIBM_DB_SECADM function ID to the consultants. . . . . . . | 23 |
| 3.6.2 Creating group profiles for the users and their roles. . . . . . . . . . . . . . . . . . | 23 |
| 3.6.3 Demonstrating data access without RCAC. . . . . . . . . . . . . . . . . . . . . . . . . | 24 |
| 3.6.4 Defining and creating row permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 25 |
| masks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . | 26 |
| 3.6.5 Defining and creating column | 28 |
| 3.6.6 Activating RCAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.6.7 Demonstrating data access with RCAC . . . . . . . . . . . . . . . . . . . . . . . . . . . | 29 |
| 3.6.8 Demonstrating data access with a view and RCAC . . . . . . . . . . . . . . . . . . | 32 |
| Notices | viii |
|----------------------------------------------------------------------------|--------|
| Trademarks | viii |
| DB2 for i Center of Excellence | ix |
| Preface | xii |
| Authors | xiii |
| Now you can become a published author, too! | xiii |
| Comments welcome | xiii |
| Stay connected to IBM Redbooks | xiv |
| Chapter 1. Securing and protecting IBM DB2 data | 1 |
| 1.1 Security fundamentals | 2 |
| 1.2 Current state of IBM i security | 2 |
| 1.3 DB2 for i security controls | 3 |
| 1.3.1 Existing row and column control | 4 |
| 1.3.2 New controls: Row and Column Access Control | 5 |
| Chapter 2. Roles and separation of duties | 7 |
| 2.1 Roles | 8 |
| 2.1.1 DDM and DRDA application server access: QIBM_DB_DDMDRDA | 8 |
| 2.1.2 Toolbox application server access: QIBM_DB_ZDA. | 8 |
| 2.1.3 Database Administrator function: QIBM_DB_SQLADM | 9 |
| 2.1.4 Database Information function: QIBM_DB_SYSMON | 9 |
| 2.1.5 Security Administrator function: QIBM_DB_SECADM | 9 |
| 2.1.6 Change Function Usage CL command | 10 |
| 2.1.7 Verifying function usage IDs for RCAC with the FUNCTION_USAGE view | 10 |
| 2.2 Separation of duties | 10 |
| Chapter 3. Row and Column Access Control | 13 |
| 3.1 Explanation of RCAC and the concept of access control | 14 |
| 3.1.1 Row permission and column mask definitions | 14 |
| 3.1.2 Enabling and activating RCAC | 16 |
| 3.2 Special registers and built-in global variables | 18 |
| 3.2.1 Special registers | 18 |
| 3.2.2 Built-in global variables | 19 |
| 3.3 VERIFY_GROUP_FOR_USER function | 20 |
| 3.4 Establishing and controlling accessibility by using the RCAC rule text | 21 |
| 3.5 SELECT, INSERT, and UPDATE behavior with RCAC | 22 |
| 3.6 Human resources example | 22 |
| 3.6.1 Assigning the QIBM_DB_SECADM function ID to the consultants | 23 |
| 3.6.2 Creating group profiles for the users and their roles | 23 |
| 3.6.3 Demonstrating data access without RCAC | 24 |
| 3.6.4 Defining and creating row permissions | 25 |
| 3.6.5 Defining and creating column masks | 26 |
| 3.6.6 Activating RCAC | 28 |
| 3.7 Demonstrating data access with RCAC | 29 |
| 3.8 Demonstrating data access with a view and RCAC | 32 |
DB2 for i Center of Excellence
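Review bot: the new table of contents changes several values rather than only fixing layout, and those should be checked against the source document before this file is committed as the expected result: "3.6.7 Demonstrating data access with RCAC" and "3.6.8 Demonstrating data access with a view and RCAC" become "3.7 ..." and "3.8 ...", Preface moves from page xi to xii, and Authors from xi to xiii; a ground-truth file asserts whatever it contains, so a numbering error here would be locked in as correct. The merged cells of the old output ("3.1.1 ... 3.1.2 ...", "16 18", "3.6 3.6.1", the "masks" fragment split from "3.6.5 Defining and creating column") are fixed, but "2.1.2 Toolbox application server access: QIBM_DB_ZDA." still carries a stray trailing period, and in both versions the separator line sits after the "Notices" row, so the first contents entry is emitted as a table header; either give the table a real header row or do not render the contents as a table.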
@@ -189,21 +190,22 @@ The FUNCTION\_USAGE view contains function usage configuration details. Table 2-
Table 2-1 FUNCTION\_USAGE view
| Column name | Data type | Description |
|---------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|
| FUNCTION_ID | VARCHAR(30) | ID of the function. |
| USER_NAME | VARCHAR(10) | Name of the user profile that has a usage setting for this function. |
| USAGE | VARCHAR(7) | Usage setting: /SM590000 ALLOWED: The user profile is allowed to use the function. /SM590000 DENIED: The user profile is not allowed to use the function. |
| USER_TYPE | VARCHAR(5) | Type of user profile: /SM590000 USER: The user profile is a user. /SM590000 GROUP: The user profile is a group. |
| Column name | Data type | Description |
|---------------|-------------|----------------------------------------------------------------------|
| FUNCTION_ID | VARCHAR(30) | ID of the function. |
| USER_NAME | VARCHAR(10) | Name of the user profile that has a usage setting for this function. |
| USAGE | VARCHAR(7) | Usage setting: |
| USER_TYPE | VARCHAR(5) | Type of user profile: |
To discover who has authorization to define and manage RCAC, you can use the query that is shown in Example 2-1.
Example 2-1 Query to determine who has authority to define and manage RCAC
| SELECT | function_id, user_name, usage, user_type |
|------------|--------------------------------------------------------|
| FROM ORDER | function_usage function_id='QIBM_DB_SECADM' user_name; |
| WHERE | |
| SELECT | function_id, user_name, usage, user_type |
|----------|--------------------------------------------|
| FROM | function_usage |
| WHERE | function_id='QIBM_DB_SECADM' |
| ORDER BY | user_name; |
## 2.2 Separation of duties
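Review bot: the new USAGE and USER_TYPE cells of Table 2-1 are truncated to "Usage setting:" and "Type of user profile:", dropping the ALLOWED/DENIED and USER/GROUP value lists that the old output still carried (with the /SM590000 bullet glyph as debris); committing this as expected output blesses a loss of content rather than a fix, so the expected cells should keep the enumerated values, e.g. `Usage setting: ALLOWED: The user profile is allowed to use the function. DENIED: The user profile is not allowed to use the function.`, with the glyph removed rather than the text. The Example 2-1 query is now correctly split into `FROM | function_usage`, `WHERE | function_id='QIBM_DB_SECADM'` and `ORDER BY | user_name;` instead of the run-together "FROM ORDER | function_usage function_id='QIBM_DB_SECADM' user_name;", which is a real improvement for anyone auditing who can define RCAC rules, but it is still emitted as a markdown table rather than a code listing; worth tracking as a follow-up so the expected output does not cement the table form.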
@@ -223,20 +225,19 @@ Table 2-2 shows a comparison of the different function usage IDs and *JOBCTL aut
Table 2-2 Comparison of the different function usage IDs and *JOBCTL authority
| User action | *JOBCTL | QIBM_DB_SECADM | QIBM_DB_SQLADM | QIBM_DB_SYSMON | No Authority |
|-----------------------------------------------------------------------------|-----------|------------------|------------------|------------------|----------------|
| SET CURRENT DEGREE (SQL statement) | X | | X | | |
| CHGQRYA command targeting a different user's job | X | | X | | |
| STRDBMON or ENDDBMON commands targeting a different user's job | X | | X | | |
| STRDBMON or ENDDBMON commands targeting a job that matches the current user | X | | X | X | X |
| QUSRJOBI() API format 900 or System i Navigator's SQL Details for Job | X | | X | X | |
| Visual Explain within Run SQL scripts | X | | X | X | X |
| Visual Explain outside of Run SQL scripts | X | | X | | |
| ANALYZE PLAN CACHE procedure | X | | X | | |
| DUMP PLAN CACHE procedure | X | | X | | |
| MODIFY PLAN CACHE procedure | X | | X | | |
| MODIFY PLAN CACHE PROPERTIES procedure (currently does not check authority) | X | | X | | |
| CHANGE PLAN CACHE SIZE procedure (currently does not check authority) | X | | X | | |
| User action | SET CURRENT DEGREE (SQL statement) | X | QIBCMDB_SECADM | QIBCMDB_SQLADM | QIBCMDB_SYSMON | No Authority |
|-----------------------------------------------------------------------------|--------------------------------------|-----|------------------|------------------|------------------|----------------|
| CHGQRYA command targeting a different user's job | X | | X | | | |
| STRDBMON or ENDBDMON commands targeting a different user's job | X | | X | | | |
| STRDBMON or ENDBDMON commands targeting a job that matches the current user | X | | X | X | X | X |
| QUSRJOBI() API format 900 or System i Navigator's SQL Details for Job | X | | X | X | | |
| Visual Explain within Run SQL scripts | X | | X | X | X | X |
| Visual Explain outside of Run SQL scripts | X | | X | | | |
| ANALYZE PLAN CACHE procedure | X | | X | | | |
| DUMP PLAN CACHE procedure | X | | X | | | |
| MODIFY PLAN CACHE procedure | X | | X | | | |
| MODIFY PLAN CACHE PROPERTIES procedure (currently does not check authority) | X | | X | | | |
| CHANGE PLAN CACHE SIZE procedure (currently does not check authority) | X | | X | | | |
The SQL CREATE PERMISSION statement that is shown in Figure 3-1 is used to define and initially enable or disable the row access rules.
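Review bot: the new rendering of Table 2-2 is a regression and should not be committed as the expected result: the "SET CURRENT DEGREE (SQL statement)" data row has been absorbed into the header (the header now has seven columns and the *JOBCTL column title is gone, so every X has shifted one column relative to its meaning), the function usage IDs read QIBCMDB_SECADM / QIBCMDB_SQLADM / QIBCMDB_SYSMON instead of QIBM_DB_SECADM / QIBM_DB_SQLADM / QIBM_DB_SYSMON, and ENDDBMON has become ENDBDMON in two rows. The old version had the six-column structure and the identifiers right, so keep the old header and row set here, or regenerate the file once the header detection is fixed; an authority comparison table whose column labels no longer match the real function IDs is exactly the kind of output a test fixture should reject, not assert.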