SQL/MX 3.2.1 Management Manual (H06.26+, J06.15+)

Database Access and Security
Access to SQL/MX database objects is governed by access privileges. Access privileges for
SQL/MX tables, views, and indexes are provided through the GRANT and REVOKE statements.
For more information about assigning and removing access privileges for SQL/MX objects, see
Access Privileges for SQL/MX Database Objects (page 79) and the SQL/MX Reference Manual.
For more information about Guardian security, see the Security Management Guide.
OSS File and Directory Security
Like Guardian files, each OSS file has an owner and a security string that determines access to
the file. Even though the security string associated with an OSS file provides a function similar to
that of the Guardian file security string, its format differs substantially.
Permission Codes
The OSS environment uses permission codes to provide security for disk files. Directories are also
protected by permission codes because they are considered to be a special type of file. The
permission code, also known as permission bits, specifies who has read, write, and execute access
permission for the file or directory. You protect your files and directories by setting and altering
their permission codes as necessary.
The permission code for a file or directory allows you to grant or deny read, write, and execute
permissions for each of three separate classes of users: the file owner, the file group, and all others.
The access permissions are defined as follows:
r (read) to view or print a file, or read a directory.
w (write) to change or delete a file, or add or delete directory entries.
x (execute) to execute the file as a program, or search a directory.
X for S_IXUSR, S_IXGRP, or S_IXOTH in the “execute” position.
s to set user ID or set group ID, in the owner or group “execute” position.
t to test segment (the sticky bit), in the others “execute” position.
s for an AF_UNIX socket under types.
- for “regular” file under types.
Users on the system are classified as one or more of the following:
u (user/owner)
g (group)
o (all others; also known as “world”)
Unlike Guardian files, no purge permission exists for OSS files. Write permission for a file allows
the contents to be deleted, but write permission for the file’s directory is also required to remove
the file name. The first character of the permission code indicates the file type. A dash (-) character
in this position indicates an ordinary file, and the letter d indicates a directory.
The remainder of the permission code consists of three sets of three characters specifying permissions
for the file owner, file group, and all others, respectively. A dash in any of these positions indicates
that the permission is denied. For example, a permission code of -rwxr-xr-- indicates that the file
owner can read, write, and execute the file; members of the file group can read and execute the
file; and all others can read the file.
For more information, see the Open System Services User’s Guide.
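The permission-code layout described above can be checked mechanically when reviewing file and directory settings. The following Python sketch is an added example, not code from the manual or from SQL/MX; the function names decode and findings and the wording of the findings are assumptions made for illustration. It covers only the file types and permission letters listed above, and treats a lowercase s or t as meaning that the execute bit is set as well.

```python
FILE_TYPES = {"-": "regular file", "d": "directory", "s": "AF_UNIX socket"}
CLASSES = ("owner", "group", "others")
# Special bits as they appear in each class's execute position.
SPECIAL = {("owner", "s"): "setuid", ("group", "s"): "setgid", ("others", "t"): "sticky"}


def decode(code):
    """Split a 10-character permission code into (type, per-class perms, special bits)."""
    if len(code) != 10 or code[0] not in FILE_TYPES:
        raise ValueError(f"unsupported permission code: {code!r}")
    perms, special = {}, set()
    for i, cls in enumerate(CLASSES):
        r, w, x = code[1 + 3 * i: 4 + 3 * i]
        if r not in "r-" or w not in "w-":
            raise ValueError(f"bad read/write character for {cls} in {code!r}")
        granted = {c for c in (r, w) if c != "-"}
        if x == "x":
            granted.add("x")
        elif (cls, x) in SPECIAL:
            # Lowercase s or t: the special bit and the execute bit are both set.
            granted.add("x")
            special.add(SPECIAL[(cls, x)])
        elif x != "-":
            raise ValueError(f"bad execute character {x!r} for {cls}")
        perms[cls] = granted
    return FILE_TYPES[code[0]], perms, special


def findings(code):
    """Return review findings for one permission code (empty list if none)."""
    ftype, perms, special = decode(code)
    out = []
    if "w" in perms["others"]:
        if ftype == "directory":
            # Directory write controls file names: no separate purge permission exists.
            out.append("all others can add or delete directory entries")
        else:
            out.append("all others can change or delete the file contents")
    out.extend(f"{bit} bit is set" for bit in sorted(special))
    return out


if __name__ == "__main__":
    # Constructed sample codes; the first is the example from the text.
    for sample in ("-rwxr-xr--", "drwxrwxrwx", "-rwsr-xr-x", "-rw-rw-rw-"):
        print(sample, findings(sample) or "no findings")
```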