feat: Expose equation exports (#869)

* pin new docling-core and exploit it via assembler changes

Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>

* update test results

Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>

* update with docling-core release

Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>

---------

Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>
Michele Dolfi
2025-02-03 10:31:19 +01:00
committed by GitHub
parent 0cd81a8122
commit 6a76b49a47
19 changed files with 138 additions and 122 deletions


@@ -63,10 +63,10 @@ Solution Brief IBM Systems Lab Services and Training
## Highlights
- GLYPH<g115>GLYPH<g3> GLYPH<g40>GLYPH<g81>GLYPH<g75>GLYPH<g68>GLYPH<g81>GLYPH<g70>GLYPH<g72>GLYPH<g3> GLYPH<g87>GLYPH<g75>GLYPH<g72>GLYPH<g3> GLYPH<g83>GLYPH<g72>GLYPH<g85>GLYPH<g73>GLYPH<g82>GLYPH<g85>GLYPH<g80>GLYPH<g68>GLYPH<g81>GLYPH<g70>GLYPH<g72>GLYPH<g3> GLYPH<g82>GLYPH<g73>GLYPH<g3> GLYPH<g92>GLYPH<g82>GLYPH<g88>GLYPH<g85> GLYPH<g3> GLYPH<g71>GLYPH<g68>GLYPH<g87>GLYPH<g68>GLYPH<g69>GLYPH<g68>GLYPH<g86>GLYPH<g72>GLYPH<g3> GLYPH<g82>GLYPH<g83>GLYPH<g72>GLYPH<g85>GLYPH<g68>GLYPH<g87>GLYPH<g76>GLYPH<g82>GLYPH<g81>GLYPH<g86>
- GLYPH<g115>GLYPH<g3> GLYPH<g40>GLYPH<g68>GLYPH<g85> GLYPH<g81>GLYPH<g3> GLYPH<g74>GLYPH<g85>GLYPH<g72>GLYPH<g68>GLYPH<g87>GLYPH<g72>GLYPH<g85>GLYPH<g3> GLYPH<g85>GLYPH<g72>GLYPH<g87>GLYPH<g88>GLYPH<g85> GLYPH<g81>GLYPH<g3> GLYPH<g82>GLYPH<g81>GLYPH<g3> GLYPH<g44>GLYPH<g55>GLYPH<g3> GLYPH<g83>GLYPH<g85>GLYPH<g82>GLYPH<g77>GLYPH<g72>GLYPH<g70>GLYPH<g87>GLYPH<g86> GLYPH<g3> GLYPH<g87>GLYPH<g75>GLYPH<g85>GLYPH<g82>GLYPH<g88>GLYPH<g74>GLYPH<g75>GLYPH<g3> GLYPH<g80>GLYPH<g82>GLYPH<g71>GLYPH<g72>GLYPH<g85> GLYPH<g81>GLYPH<g76>GLYPH<g93>GLYPH<g68>GLYPH<g87>GLYPH<g76>GLYPH<g82>GLYPH<g81>GLYPH<g3> GLYPH<g82>GLYPH<g73>GLYPH<g3> GLYPH<g71>GLYPH<g68>GLYPH<g87>GLYPH<g68>GLYPH<g69>GLYPH<g68>GLYPH<g86>GLYPH<g72>GLYPH<g3> GLYPH<g68>GLYPH<g81>GLYPH<g71> GLYPH<g3> GLYPH<g68>GLYPH<g83>GLYPH<g83>GLYPH<g79>GLYPH<g76>GLYPH<g70>GLYPH<g68>GLYPH<g87>GLYPH<g76>GLYPH<g82>GLYPH<g81>GLYPH<g86>
- GLYPH<g115>GLYPH<g3> GLYPH<g53>GLYPH<g72>GLYPH<g79>GLYPH<g92>GLYPH<g3> GLYPH<g82>GLYPH<g81>GLYPH<g3> GLYPH<g44>GLYPH<g37>GLYPH<g48>GLYPH<g3> GLYPH<g72>GLYPH<g91>GLYPH<g83>GLYPH<g72>GLYPH<g85>GLYPH<g87>GLYPH<g3> GLYPH<g70>GLYPH<g82>GLYPH<g81>GLYPH<g86>GLYPH<g88>GLYPH<g79>GLYPH<g87>GLYPH<g76>GLYPH<g81>GLYPH<g74>GLYPH<g15>GLYPH<g3> GLYPH<g86>GLYPH<g78>GLYPH<g76>GLYPH<g79>GLYPH<g79>GLYPH<g86> GLYPH<g3> GLYPH<g86>GLYPH<g75>GLYPH<g68>GLYPH<g85>GLYPH<g76>GLYPH<g81>GLYPH<g74>GLYPH<g3> GLYPH<g68>GLYPH<g81>GLYPH<g71>GLYPH<g3> GLYPH<g85>GLYPH<g72>GLYPH<g81>GLYPH<g82>GLYPH<g90>GLYPH<g81>GLYPH<g3> GLYPH<g86>GLYPH<g72>GLYPH<g85>GLYPH<g89>GLYPH<g76>GLYPH<g70>GLYPH<g72>GLYPH<g86>
- GLYPH<g115>GLYPH<g3> GLYPH<g55> GLYPH<g68>GLYPH<g78>GLYPH<g72>GLYPH<g3> GLYPH<g68>GLYPH<g71>GLYPH<g89>GLYPH<g68>GLYPH<g81>GLYPH<g87>GLYPH<g68>GLYPH<g74>GLYPH<g72>GLYPH<g3> GLYPH<g82>GLYPH<g73>GLYPH<g3> GLYPH<g68>GLYPH<g70>GLYPH<g70>GLYPH<g72>GLYPH<g86>GLYPH<g86>GLYPH<g3> GLYPH<g87>GLYPH<g82>GLYPH<g3> GLYPH<g68> GLYPH<g3> GLYPH<g90>GLYPH<g82>GLYPH<g85>GLYPH<g79>GLYPH<g71>GLYPH<g90>GLYPH<g76>GLYPH<g71>GLYPH<g72>GLYPH<g3> GLYPH<g86>GLYPH<g82>GLYPH<g88>GLYPH<g85>GLYPH<g70>GLYPH<g72>GLYPH<g3> GLYPH<g82>GLYPH<g73>GLYPH<g3> GLYPH<g72>GLYPH<g91>GLYPH<g83>GLYPH<g72>GLYPH<g85>GLYPH<g87>GLYPH<g76>GLYPH<g86>GLYPH<g72>
- GLYPH&lt;g115&gt;GLYPH&lt;g3&gt; GLYPH&lt;g40&gt;GLYPH&lt;g81&gt;GLYPH&lt;g75&gt;GLYPH&lt;g68&gt;GLYPH&lt;g81&gt;GLYPH&lt;g70&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g87&gt;GLYPH&lt;g75&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g83&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g73&gt;GLYPH&lt;g82&gt;GLYPH&lt;g85&gt;GLYPH&lt;g80&gt;GLYPH&lt;g68&gt;GLYPH&lt;g81&gt;GLYPH&lt;g70&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g73&gt;GLYPH&lt;g3&gt; GLYPH&lt;g92&gt;GLYPH&lt;g82&gt;GLYPH&lt;g88&gt;GLYPH&lt;g85&gt; GLYPH&lt;g3&gt; GLYPH&lt;g71&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g68&gt;GLYPH&lt;g69&gt;GLYPH&lt;g68&gt;GLYPH&lt;g86&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g83&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g76&gt;GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g86&gt;
- GLYPH&lt;g115&gt;GLYPH&lt;g3&gt; GLYPH&lt;g40&gt;GLYPH&lt;g68&gt;GLYPH&lt;g85&gt; GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g74&gt;GLYPH&lt;g85&gt;GLYPH&lt;g72&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g3&gt; GLYPH&lt;g85&gt;GLYPH&lt;g72&gt;GLYPH&lt;g87&gt;GLYPH&lt;g88&gt;GLYPH&lt;g85&gt; GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g44&gt;GLYPH&lt;g55&gt;GLYPH&lt;g3&gt; GLYPH&lt;g83&gt;GLYPH&lt;g85&gt;GLYPH&lt;g82&gt;GLYPH&lt;g77&gt;GLYPH&lt;g72&gt;GLYPH&lt;g70&gt;GLYPH&lt;g87&gt;GLYPH&lt;g86&gt; GLYPH&lt;g3&gt; GLYPH&lt;g87&gt;GLYPH&lt;g75&gt;GLYPH&lt;g85&gt;GLYPH&lt;g82&gt;GLYPH&lt;g88&gt;GLYPH&lt;g74&gt;GLYPH&lt;g75&gt;GLYPH&lt;g3&gt; GLYPH&lt;g80&gt;GLYPH&lt;g82&gt;GLYPH&lt;g71&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt; GLYPH&lt;g81&gt;GLYPH&lt;g76&gt;GLYPH&lt;g93&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g76&gt;GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g73&gt;GLYPH&lt;g3&gt; GLYPH&lt;g71&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g68&gt;GLYPH&lt;g69&gt;GLYPH&lt;g68&gt;GLYPH&lt;g86&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g68&gt;GLYPH&lt;g81&gt;GLYPH&lt;g71&gt; GLYPH&lt;g3&gt; GLYPH&lt;g68&gt;GLYPH&lt;g83&gt;GLYPH&lt;g83&gt;GLYPH&lt;g79&gt;GLYPH&lt;g76&gt;GLYPH&lt;g70&gt;GLYPH&lt;g68&gt;GLYPH&lt;g87&gt;GLYPH&lt;g76&gt;GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g86&gt;
- GLYPH&lt;g115&gt;GLYPH&lt;g3&gt; GLYPH&lt;g53&gt;GLYPH&lt;g72&gt;GLYPH&lt;g79&gt;GLYPH&lt;g92&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g44&gt;GLYPH&lt;g37&gt;GLYPH&lt;g48&gt;GLYPH&lt;g3&gt; GLYPH&lt;g72&gt;GLYPH&lt;g91&gt;GLYPH&lt;g83&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g87&gt;GLYPH&lt;g3&gt; GLYPH&lt;g70&gt;GLYPH&lt;g82&gt;GLYPH&lt;g81&gt;GLYPH&lt;g86&gt;GLYPH&lt;g88&gt;GLYPH&lt;g79&gt;GLYPH&lt;g87&gt;GLYPH&lt;g76&gt;GLYPH&lt;g81&gt;GLYPH&lt;g74&gt;GLYPH&lt;g15&gt;GLYPH&lt;g3&gt; GLYPH&lt;g86&gt;GLYPH&lt;g78&gt;GLYPH&lt;g76&gt;GLYPH&lt;g79&gt;GLYPH&lt;g79&gt;GLYPH&lt;g86&gt; GLYPH&lt;g3&gt; GLYPH&lt;g86&gt;GLYPH&lt;g75&gt;GLYPH&lt;g68&gt;GLYPH&lt;g85&gt;GLYPH&lt;g76&gt;GLYPH&lt;g81&gt;GLYPH&lt;g74&gt;GLYPH&lt;g3&gt; GLYPH&lt;g68&gt;GLYPH&lt;g81&gt;GLYPH&lt;g71&gt;GLYPH&lt;g3&gt; GLYPH&lt;g85&gt;GLYPH&lt;g72&gt;GLYPH&lt;g81&gt;GLYPH&lt;g82&gt;GLYPH&lt;g90&gt;GLYPH&lt;g81&gt;GLYPH&lt;g3&gt; GLYPH&lt;g86&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g89&gt;GLYPH&lt;g76&gt;GLYPH&lt;g70&gt;GLYPH&lt;g72&gt;GLYPH&lt;g86&gt;
- GLYPH&lt;g115&gt;GLYPH&lt;g3&gt; GLYPH&lt;g55&gt; GLYPH&lt;g68&gt;GLYPH&lt;g78&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g68&gt;GLYPH&lt;g71&gt;GLYPH&lt;g89&gt;GLYPH&lt;g68&gt;GLYPH&lt;g81&gt;GLYPH&lt;g87&gt;GLYPH&lt;g68&gt;GLYPH&lt;g74&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g73&gt;GLYPH&lt;g3&gt; GLYPH&lt;g68&gt;GLYPH&lt;g70&gt;GLYPH&lt;g70&gt;GLYPH&lt;g72&gt;GLYPH&lt;g86&gt;GLYPH&lt;g86&gt;GLYPH&lt;g3&gt; GLYPH&lt;g87&gt;GLYPH&lt;g82&gt;GLYPH&lt;g3&gt; GLYPH&lt;g68&gt; GLYPH&lt;g3&gt; GLYPH&lt;g90&gt;GLYPH&lt;g82&gt;GLYPH&lt;g85&gt;GLYPH&lt;g79&gt;GLYPH&lt;g71&gt;GLYPH&lt;g90&gt;GLYPH&lt;g76&gt;GLYPH&lt;g71&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g86&gt;GLYPH&lt;g82&gt;GLYPH&lt;g88&gt;GLYPH&lt;g85&gt;GLYPH&lt;g70&gt;GLYPH&lt;g72&gt;GLYPH&lt;g3&gt; GLYPH&lt;g82&gt;GLYPH&lt;g73&gt;GLYPH&lt;g3&gt; GLYPH&lt;g72&gt;GLYPH&lt;g91&gt;GLYPH&lt;g83&gt;GLYPH&lt;g72&gt;GLYPH&lt;g85&gt;GLYPH&lt;g87&gt;GLYPH&lt;g76&gt;GLYPH&lt;g86&gt;GLYPH&lt;g72&gt;
<!-- image -->
@@ -130,20 +130,20 @@ Businesses must make a serious effort to secure their data and recognize that se
This chapter describes how you can secure and protect data in DB2 for i. The following topics are covered in this chapter:
- GLYPH<SM590000> Security fundamentals
- GLYPH<SM590000> Current state of IBM i security
- GLYPH<SM590000> DB2 for i security controls
- GLYPH&lt;SM590000&gt; Security fundamentals
- GLYPH&lt;SM590000&gt; Current state of IBM i security
- GLYPH&lt;SM590000&gt; DB2 for i security controls
## 1.1 Security fundamentals
Before reviewing database security techniques, there are two fundamental steps in securing information assets that must be described:
- GLYPH<SM590000> First, and most important, is the definition of a company's security policy . Without a security policy, there is no definition of what are acceptable practices for using, accessing, and storing information by who, what, when, where, and how. A security policy should minimally address three things: confidentiality, integrity, and availability.
- GLYPH&lt;SM590000&gt; First, and most important, is the definition of a company's security policy . Without a security policy, there is no definition of what are acceptable practices for using, accessing, and storing information by who, what, when, where, and how. A security policy should minimally address three things: confidentiality, integrity, and availability.
- The monitoring and assessment of adherence to the security policy determines whether your security strategy is working. Often, IBM security consultants are asked to perform security assessments for companies without regard to the security policy. Although these assessments can be useful for observing how the system is defined and how data is being accessed, they cannot determine the level of security without a security policy. Without a security policy, it really is not an assessment as much as it is a baseline for monitoring the changes in the security settings that are captured.
A security policy is what defines whether the system and its settings are secure (or not).
- GLYPH<SM590000> The second fundamental in securing data assets is the use of resource security . If implemented properly, resource security prevents data breaches from both internal and external intrusions. Resource security controls are closely tied to the part of the security policy that defines who should have access to what information resources. A hacker might be good enough to get through your company firewalls and sift his way through to your system, but if they do not have explicit access to your database, the hacker cannot compromise your information assets.
- GLYPH&lt;SM590000&gt; The second fundamental in securing data assets is the use of resource security . If implemented properly, resource security prevents data breaches from both internal and external intrusions. Resource security controls are closely tied to the part of the security policy that defines who should have access to what information resources. A hacker might be good enough to get through your company firewalls and sift his way through to your system, but if they do not have explicit access to your database, the hacker cannot compromise your information assets.
With your eyes now open to the importance of securing information assets, the rest of this chapter reviews the methods that are available for securing database resources on IBM i.
@@ -173,9 +173,9 @@ Figure 1-2 Existing row and column controls
The following CL commands can be used to work with, display, or change function usage IDs:
- GLYPH<SM590000> Work Function Usage ( WRKFCNUSG )
- GLYPH<SM590000> Change Function Usage ( CHGFCNUSG )
- GLYPH<SM590000> Display Function Usage ( DSPFCNUSG )
- GLYPH&lt;SM590000&gt; Work Function Usage ( WRKFCNUSG )
- GLYPH&lt;SM590000&gt; Change Function Usage ( CHGFCNUSG )
- GLYPH&lt;SM590000&gt; Display Function Usage ( DSPFCNUSG )
For example, the following CHGFCNUSG command shows granting authorization to user HBEDOYA to administer and manage RCAC rules:
@@ -191,8 +191,8 @@ Table 2-1 FUNCTION\_USAGE view
|---------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| FUNCTION\_ID | VARCHAR(30) | ID of the function. |
| USER\_NAME | VARCHAR(10) | Name of the user profile that has a usage setting for this function. |
| USAGE | VARCHAR(7) | Usage setting: GLYPH<SM590000> ALLOWED: The user profile is allowed to use the function. GLYPH<SM590000> DENIED: The user profile is not allowed to use the function. |
| USER\_TYPE | VARCHAR(5) | Type of user profile: GLYPH<SM590000> USER: The user profile is a user. GLYPH<SM590000> GROUP: The user profile is a group. |
| USAGE | VARCHAR(7) | Usage setting: GLYPH&lt;SM590000&gt; ALLOWED: The user profile is allowed to use the function. GLYPH&lt;SM590000&gt; DENIED: The user profile is not allowed to use the function. |
| USER\_TYPE | VARCHAR(5) | Type of user profile: GLYPH&lt;SM590000&gt; USER: The user profile is a user. GLYPH&lt;SM590000&gt; GROUP: The user profile is a group. |
To discover who has authorization to define and manage RCAC, you can use the query that is shown in Example 2-1.
@@ -273,11 +273,11 @@ Table 3-1 Special registers and their corresponding values
Figure 3-5 shows the difference in the special register values when an adopted authority is used:
- GLYPH<SM590000> A user connects to the server using the user profile ALICE.
- GLYPH<SM590000> USER and CURRENT USER initially have the same value of ALICE.
- GLYPH<SM590000> ALICE calls an SQL procedure that is named proc1, which is owned by user profile JOE and was created to adopt JOE's authority when it is called.
- GLYPH<SM590000> While the procedure is running, the special register USER still contains the value of ALICE because it excludes any adopted authority. The special register CURRENT USER contains the value of JOE because it includes any adopted authority.
- GLYPH<SM590000> When proc1 ends, the session reverts to its original state with both USER and CURRENT USER having the value of ALICE.
- GLYPH&lt;SM590000&gt; A user connects to the server using the user profile ALICE.
- GLYPH&lt;SM590000&gt; USER and CURRENT USER initially have the same value of ALICE.
- GLYPH&lt;SM590000&gt; ALICE calls an SQL procedure that is named proc1, which is owned by user profile JOE and was created to adopt JOE's authority when it is called.
- GLYPH&lt;SM590000&gt; While the procedure is running, the special register USER still contains the value of ALICE because it excludes any adopted authority. The special register CURRENT USER contains the value of JOE because it includes any adopted authority.
- GLYPH&lt;SM590000&gt; When proc1 ends, the session reverts to its original state with both USER and CURRENT USER having the value of ALICE.
Figure 3-5 Special registers and adopted authority
@@ -318,7 +318,7 @@ Here is an example of using the VERIFY\_GROUP\_FOR\_USER function:
- 3. If a user is connected to the server using user profile JANE, all of the following function invocations return a value of 1:
```
VERIFY\_GROUP\_FOR\_USER (CURRENT\_USER, 'MGR') VERIFY\_GROUP\_FOR\_USER (CURRENT\_USER, 'JANE', 'MGR') VERIFY\_GROUP\_FOR\_USER (CURRENT\_USER, 'JANE', 'MGR', 'STEVE') The following function invocation returns a value of 0: VERIFY\_GROUP\_FOR\_USER (CURRENT\_USER, 'JUDY', 'TONY')
VERIFY_GROUP_FOR_USER (CURRENT_USER, 'MGR') VERIFY_GROUP_FOR_USER (CURRENT_USER, 'JANE', 'MGR') VERIFY_GROUP_FOR_USER (CURRENT_USER, 'JANE', 'MGR', 'STEVE') The following function invocation returns a value of 0: VERIFY_GROUP_FOR_USER (CURRENT_USER, 'JUDY', 'TONY')
```
RETURN
@@ -326,7 +326,7 @@ RETURN
CASE
```
WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'HR', 'EMP' ) = 1 THEN EMPLOYEES . DATE\_OF\_BIRTH WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'MGR' ) = 1 AND SESSION\_USER = EMPLOYEES . USER\_ID THEN EMPLOYEES . DATE\_OF\_BIRTH WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'MGR' ) = 1 AND SESSION\_USER <> EMPLOYEES . USER\_ID THEN ( 9999 || '-' || MONTH ( EMPLOYEES . DATE\_OF\_BIRTH ) || '-' || DAY (EMPLOYEES.DATE\_OF\_BIRTH )) ELSE NULL END ENABLE ;
WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'HR', 'EMP' ) = 1 THEN EMPLOYEES . DATE_OF_BIRTH WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'MGR' ) = 1 AND SESSION_USER = EMPLOYEES . USER_ID THEN EMPLOYEES . DATE_OF_BIRTH WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'MGR' ) = 1 AND SESSION_USER <> EMPLOYEES . USER_ID THEN ( 9999 || '-' || MONTH ( EMPLOYEES . DATE_OF_BIRTH ) || '-' || DAY (EMPLOYEES.DATE_OF_BIRTH )) ELSE NULL END ENABLE ;
```
- 2. The other column to mask in this example is the TAX\_ID information. In this example, the rules to enforce include the following ones:
@@ -339,7 +339,7 @@ WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'HR', 'EMP' ) = 1 THEN EMPLOYEES
Example 3-9 Creating a mask on the TAX\_ID column
```
CREATE MASK HR\_SCHEMA.MASK\_TAX\_ID\_ON\_EMPLOYEES ON HR\_SCHEMA.EMPLOYEES AS EMPLOYEES FOR COLUMN TAX\_ID RETURN CASE WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'HR' ) = 1 THEN EMPLOYEES . TAX\_ID WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'MGR' ) = 1 AND SESSION\_USER = EMPLOYEES . USER\_ID THEN EMPLOYEES . TAX\_ID WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'MGR' ) = 1 AND SESSION\_USER <> EMPLOYEES . USER\_ID THEN ( 'XXX-XX-' CONCAT QSYS2 . SUBSTR ( EMPLOYEES . TAX\_ID , 8 , 4 ) ) WHEN VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'EMP' ) = 1 THEN EMPLOYEES . TAX\_ID ELSE 'XXX-XX-XXXX' END ENABLE ;
CREATE MASK HR_SCHEMA.MASK_TAX_ID_ON_EMPLOYEES ON HR_SCHEMA.EMPLOYEES AS EMPLOYEES FOR COLUMN TAX_ID RETURN CASE WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'HR' ) = 1 THEN EMPLOYEES . TAX_ID WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'MGR' ) = 1 AND SESSION_USER = EMPLOYEES . USER_ID THEN EMPLOYEES . TAX_ID WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'MGR' ) = 1 AND SESSION_USER <> EMPLOYEES . USER_ID THEN ( 'XXX-XX-' CONCAT QSYS2 . SUBSTR ( EMPLOYEES . TAX_ID , 8 , 4 ) ) WHEN VERIFY_GROUP_FOR_USER ( SESSION_USER , 'EMP' ) = 1 THEN EMPLOYEES . TAX_ID ELSE 'XXX-XX-XXXX' END ENABLE ;
```
- 3. Figure 3-10 shows the masks that are created in the HR\_SCHEMA.
@@ -386,7 +386,7 @@ Figure 4-69 Index advice with no RCAC
<!-- image -->
```
THEN C . CUSTOMER\_TAX\_ID WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'TELLER' ) = 1 THEN ( 'XXX-XX-' CONCAT QSYS2 . SUBSTR ( C . CUSTOMER\_TAX\_ID , 8 , 4 ) ) WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER\_TAX\_ID ELSE 'XXX-XX-XXXX' END ENABLE ; CREATE MASK BANK\_SCHEMA.MASK\_DRIVERS\_LICENSE\_ON\_CUSTOMERS ON BANK\_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER\_DRIVERS\_LICENSE\_NUMBER RETURN CASE WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER\_DRIVERS\_LICENSE\_NUMBER WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'TELLER' ) = 1 THEN C . CUSTOMER\_DRIVERS\_LICENSE\_NUMBER WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER\_DRIVERS\_LICENSE\_NUMBER ELSE '*************' END ENABLE ; CREATE MASK BANK\_SCHEMA.MASK\_LOGIN\_ID\_ON\_CUSTOMERS ON BANK\_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER\_LOGIN\_ID RETURN CASE WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER\_LOGIN\_ID WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER\_LOGIN\_ID ELSE '*****' END ENABLE ; CREATE MASK BANK\_SCHEMA.MASK\_SECURITY\_QUESTION\_ON\_CUSTOMERS ON BANK\_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER\_SECURITY\_QUESTION RETURN CASE WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER\_SECURITY\_QUESTION WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER\_SECURITY\_QUESTION ELSE '*****' END ENABLE ; CREATE MASK BANK\_SCHEMA.MASK\_SECURITY\_QUESTION\_ANSWER\_ON\_CUSTOMERS ON BANK\_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER\_SECURITY\_QUESTION\_ANSWER RETURN CASE WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER\_SECURITY\_QUESTION\_ANSWER WHEN QSYS2 . VERIFY\_GROUP\_FOR\_USER ( SESSION\_USER , 'CUSTOMER' ) = 1 THEN C . 
CUSTOMER\_SECURITY\_QUESTION\_ANSWER ELSE '*****' END ENABLE ; ALTER TABLE BANK\_SCHEMA.CUSTOMERS ACTIVATE ROW ACCESS CONTROL ACTIVATE COLUMN ACCESS CONTROL ;
THEN C . CUSTOMER_TAX_ID WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'TELLER' ) = 1 THEN ( 'XXX-XX-' CONCAT QSYS2 . SUBSTR ( C . CUSTOMER_TAX_ID , 8 , 4 ) ) WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER_TAX_ID ELSE 'XXX-XX-XXXX' END ENABLE ; CREATE MASK BANK_SCHEMA.MASK_DRIVERS_LICENSE_ON_CUSTOMERS ON BANK_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER_DRIVERS_LICENSE_NUMBER RETURN CASE WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER_DRIVERS_LICENSE_NUMBER WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'TELLER' ) = 1 THEN C . CUSTOMER_DRIVERS_LICENSE_NUMBER WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER_DRIVERS_LICENSE_NUMBER ELSE '*************' END ENABLE ; CREATE MASK BANK_SCHEMA.MASK_LOGIN_ID_ON_CUSTOMERS ON BANK_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER_LOGIN_ID RETURN CASE WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER_LOGIN_ID WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER_LOGIN_ID ELSE '*****' END ENABLE ; CREATE MASK BANK_SCHEMA.MASK_SECURITY_QUESTION_ON_CUSTOMERS ON BANK_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER_SECURITY_QUESTION RETURN CASE WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER_SECURITY_QUESTION WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER_SECURITY_QUESTION ELSE '*****' END ENABLE ; CREATE MASK BANK_SCHEMA.MASK_SECURITY_QUESTION_ANSWER_ON_CUSTOMERS ON BANK_SCHEMA.CUSTOMERS AS C FOR COLUMN CUSTOMER_SECURITY_QUESTION_ANSWER RETURN CASE WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'ADMIN' ) = 1 THEN C . CUSTOMER_SECURITY_QUESTION_ANSWER WHEN QSYS2 . VERIFY_GROUP_FOR_USER ( SESSION_USER , 'CUSTOMER' ) = 1 THEN C . CUSTOMER_SECURITY_QUESTION_ANSWER ELSE '*****' END ENABLE ; ALTER TABLE BANK_SCHEMA.CUSTOMERS ACTIVATE ROW ACCESS CONTROL ACTIVATE COLUMN ACCESS CONTROL ;
```
Back cover