Manualshelf

SQL/MX 3.2.1 Reference Manual (H06.26+, J06.15+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
341342343344345346347348349350
SQL/MX Statements
HP NonStop SQL/MX Release 3.2.1 Reference Manual691117-005
2-248
GRANT SECURITY_ADMIN Statement
GRANT SECURITY_ADMIN Statement
Considerations for GRANT SECURITY_ADMIN
Examples of GRANT SECURITY_ADMIN
The GRANT SECURITY_ADMIN statement designates a specified user as a security
administrator.
authid
specifies the authorization ID whom you are designating a Security Administrator.
Authorization IDs identify users during the processing of SQL statements. The
authorization ID must be a valid Guardian user name, enclosed in double quotes.
A Guardian user number (for example, “255,255”) is not allowed. authid is not
case-sensitive.
Considerations for GRANT SECURITY_ADMIN
Authorization Requirements
If the Security Administrator's Group is empty, only the Super ID may execute the
GRANT SECURITY_ADMIN statement. Otherwise, only a Security Administrator may
execute this statement.
Security Considerations
NonStop SQL/MX translates each authorization ID you specify into a 32-bit integer
value and then stores the number in the system metadata tables. The stored
identification number, not the characters of the authorization ID, is used to identify a
Security Administrator. For this reason, care must be exercised when reusing vacated
Guardian user IDs. HP recommends utilizing a dedicated Guardian user group for
Security Administrators.
To prevent a Security Administrator from creating a user for themselves and granting
any privilege to that user, HP strongly recommends that the function of creating users
be restricted to users outside the Security Administrator's Group.
Since object owners may continue to grant privileges in the presence of Security
Administrators and owner-derived grants exist distinctly from those made by Security
Administrators, HP recommends that object ownership reside with an entity such as a
DBA who would be expected to refrain from making owner-derived grants. HP also
recommends periodic auditing of object privileges to detect and correct unauthorized
grants.
GRANT SECURITY_ADMIN to authid