A security apparatus and method that provides Multi-Level and
Multi-Category Mandatory Access Control (MAC) for controlling access to
data within a database at the granularity of the data record. The access
control mechanism is implemented so that it has no impact on the
database. A standard labeling technology is used in which access to data
is dependent on the label of the accessing entity and the label of the
data being accessed. The data labels designate security access
requirements for data within the database and are stored or generated in
a label server that intercepts access requests to the database from
remote users. User labels define user access rights and are retrieved or
generated and linked to all access requests. The label server compares
the user labels linked to an access request with the data label for the
data requested to determine if user access is granted or denied.
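The abstract describes the decision the label server makes: a user label and a data label are compared, and the record is released only when the user label satisfies the data label. The following Python is an added illustration, not code from the patent. It assumes the conventional multi-level, multi-category dominance rule (the user's level must be at least the record's level, and the user's category set must contain every category on the record); the level names, record identifiers, user names and labels are constructed sample values, and `LabelServer`, `Label` and `build_demo_server` are hypothetical names. Requests for unknown users or records fail closed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple

# Assumed total ordering of sensitivity levels (constructed; the abstract names none).
LEVELS: Dict[str, int] = {
    "UNCLASSIFIED": 0,
    "CONFIDENTIAL": 1,
    "SECRET": 2,
    "TOP_SECRET": 3,
}


@dataclass(frozen=True)
class Label:
    """A security label: one sensitivity level plus a set of categories (compartments)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Standard MLS/multi-category dominance (assumption): the accessing label
        # must be at least as high in level and carry every category of the data.
        return (
            LEVELS[self.level] >= LEVELS[other.level]
            and self.categories >= other.categories
        )


class LabelServer:
    """Intercepts record access requests and decides them from user and data labels.

    The database itself is never consulted for the decision; the server only
    holds the label tables and an audit trail of decisions.
    """

    def __init__(self, data_labels: Dict[str, Label], user_labels: Dict[str, Label]) -> None:
        self._data_labels = dict(data_labels)
        self._user_labels = dict(user_labels)
        self.audit: List[Tuple[str, str, bool]] = []

    def check(self, user: str, record_id: str) -> bool:
        """Return True if `user` may access `record_id`; unknown user or record is denied."""
        user_label = self._user_labels.get(user)
        data_label = self._data_labels.get(record_id)
        if user_label is None or data_label is None:
            decision = False  # fail closed: no label, no access
        else:
            decision = user_label.dominates(data_label)
        self.audit.append((user, record_id, decision))
        return decision

    def filter_records(self, user: str, record_ids: Iterable[str]) -> List[str]:
        """Record-granularity filtering: keep only the records the user's label dominates."""
        return [rid for rid in record_ids if self.check(user, rid)]


def build_demo_server() -> LabelServer:
    """Constructed sample label tables for a handful of records and users."""
    data_labels = {
        "rec-1": Label("CONFIDENTIAL"),
        "rec-2": Label("SECRET", frozenset({"NUCLEAR"})),
        "rec-3": Label("SECRET", frozenset({"NUCLEAR", "CRYPTO"})),
        "rec-4": Label("TOP_SECRET"),
    }
    user_labels = {
        "alice": Label("SECRET", frozenset({"NUCLEAR"})),
        "bob": Label("UNCLASSIFIED"),
    }
    return LabelServer(data_labels, user_labels)


if __name__ == "__main__":
    server = build_demo_server()
    for user in ("alice", "bob", "mallory"):
        print(user, "->", server.filter_records(user, ["rec-1", "rec-2", "rec-3", "rec-4"]))
    for entry in server.audit:
        print("audit:", entry)
```

Because the comparison runs in the interception path, every grant and denial lands in the audit list; in a deployment that list would be the place to alert on repeated denials against the same high-sensitivity record.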