ODBC Server Installation and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

Managing the NonStop ODBC Server

HP NonStop ODBC Server Installation and Management Manual—429395-002

4-15

Controlling Access to a NonStop ODBC Server

System

Controlling Access to a NonStop ODBC Server System

This subsection discusses how you can secure your NonStop ODBC Server system to

provide certain access privileges. To perform any operation within a NonStop ODBC

Server system, you must have the correct access privileges to the SQL/MP catalogs,

the NonStop ODBC Server catalogs, and the individual SQL/MP objects. By applying

security at these different levels, it is possible to set up many different security

schemes, as discussed following.

When securing the NonStop ODBC Server user catalog tables (ZNUOBJ and ZNUIX),

you should secure them with the same security vector. The easiest way to secure the

tables is by using the SQLCI SECURE command; for example:

SECURE ZNU* "CCCO";

NOSUTIL

SYSCAT

R, W R, W,

(CR)

E E Must be privileged

user

NOSUTIL

USERCAT

R, (W)R, (W)CR E E

(3)

CLIENT R, (W) R, (W) R, (W) E E E

(4)

ADMIN R, W R, W R E, O E E E

)

(1) In addition, to run NOSINST, you must have execute access permission on the SQL/MP process SQLCAT.

(2) To add a logical user name, you must either be logged on under the Guardian user name to be associated

with the logical user name or be logged on as a super-group user. To delete a logical user name, you must

be logged on as a super-group user.

(3) If a SQL/MP catalog must be created or dropped, the SQL/MP system catalog must also be written to.

(4) The authorizations shown are minimal. If the client creates objects, SQL/MP and NonStop ODBC Server

catalogs are also written to (the client needs the same authorizations as if using SQL/MP directly). If a pass-

through NOSUTIL statement is used, add the authorizations needed for that statement.

(5) In general, the NonStop ODBC Server administrator needs full read/write access to the NonStop

ODBC Server system catalog in order to manage the system (for example, to add profile and

trace records). It is likely that ADMIN will be a super-group user to run the SYSCAT VALIDATE

and REFRESH functions. ADMIN should also be the person who configures, starts, and stops

SCS. ADMIN also needs to be able to execute SCF and read the EMS log.

Table 4-1. NonStop ODBC Server Security Requirements (page 2 of 2)

Accessor

NSSQL/MP SYSTEM CATALOG

NSODBC SYSCAT

NSODBC USERCAT

SCSOBJ

NSODBC Server

NOSUTIL

SQLCOMP

Notes