ODBC Server Installation and Management Manual

Managing the NonStop ODBC Server
HP NonStop ODBC Server Installation and Management Manual, 429395-002
Controlling Access to a NonStop ODBC Server System
This string only works when there are no user tables beginning with “ZNU.” You do not
need to worry about the security of the NonStop ODBC Server catalog views (ZVU*),
because they are all shorthand views.
Security Considerations for Installation
Installation of the NonStop ODBC Server is performed by using the TACL script
NOSINST supplied with the product. To run NOSINST, you must be logged on as the
super ID. After running NOSINST successfully, the program object files, NOS and
NOSUTIL, and the NonStop ODBC Server system catalog have the super ID as owner.
NOS and NOSUTIL have a security vector of “NONO” to allow anyone to execute
them. All of the NonStop ODBC Server system catalog tables are secured “NNNO,”
with the exception of ZNUDT, ZNSDUMMY, ZNSPROT, and ZNSVALUE, which are
secured “NONO.” The security vector “NNNO” provides open access to the system
catalog tables, allowing any user to create a database or use utility functions such
as the ADD USER function. The security of these programs and tables can be
changed after installation. The four tables secured “NONO” are not open to general
write access because they are never changed after installation.
Client Access
The first level of security is provided through the logon name and password required
before a client can connect to NonStop ODBC Server. Access can be further restricted
by not configuring a default server class in the SCS configuration file. If no default
class is configured, SCS accepts only connection requests where the logon username
maps to one of the configured server classes.
Creating a Database
The easiest way to control who can create a new database, either by issuing a
CREATE DATABASE statement from the client, or by using the USERCAT INSTALL
statement, is to restrict write access to the NonStop ODBC Server system catalog table
ZNSDB. For example, by securing the table as “NCOO,” only super-group users can
write to the table and thus create a database. The same effect could be achieved by
limiting access to the NonStop SQL/MP CATALOGS table, because this limits the
creation of the NonStop SQL/MP catalog created as part of a NonStop ODBC Server
database.
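
An added example (not from the HP manual) that models how the four-character Guardian vectors quoted above decide write access, using the standard Guardian meanings of the codes A, G, O, -, N, C and U in read/write/execute/purge order. The user names and IDs are constructed, and Safeguard and any implicit super ID override are not modelled.

```python
# Added example: simplified Guardian RWEP check. Safeguard ACLs and any
# implicit super ID override are not modelled (assumption).
from typing import NamedTuple

SUPER_ID = (255, 255)          # Guardian super ID: group 255, user 255
OPS = "RWEP"                   # vector positions: Read, Write, Execute, Purge

class User(NamedTuple):
    group: int
    user: int
    remote: bool = False       # True when the request comes over the network

def allowed(vector: str, op: str, owner: tuple, who: User) -> bool:
    """Return True if `who` may perform `op` on a file owned by `owner`."""
    if len(vector) != 4 or op not in OPS:
        raise ValueError("expected a 4-character vector and one of R/W/E/P")
    code = vector[OPS.index(op)]
    ident = (who.group, who.user)
    same_group = who.group == owner[0]
    rules = {
        "A": not who.remote,                        # any local user
        "G": not who.remote and same_group,         # local member of owner's group
        "O": not who.remote and ident == owner,     # local owner
        "-": not who.remote and ident == SUPER_ID,  # local super ID only
        "N": True,                                  # any user, local or remote
        "C": same_group,                            # owner's group, local or remote
        "U": ident == owner,                        # owner, local or remote
    }
    if code not in rules:
        raise ValueError(f"unknown security code {code!r}")
    return rules[code]

def writers(vector: str, owner: tuple, users: dict) -> list:
    """Names of the sample users who hold write access under `vector`."""
    return sorted(n for n, u in users.items() if allowed(vector, "W", owner, u))

# Constructed sample users (hypothetical names and IDs).
USERS = {
    "super.super": User(255, 255),
    "super.oper": User(255, 10),
    "sales.ann": User(20, 5),
    "remote.bob": User(30, 7, remote=True),
}

if __name__ == "__main__":
    for label, vec in [("ZNSDB as installed", "NNNO"), ("ZNSDB restricted", "NCOO"),
                       ("ZNSPROT as installed", "NONO")]:
        print(f"{label:22} {vec}  writers: {writers(vec, SUPER_ID, USERS)}")
```

Because the super ID owns the catalog after NOSINST, the “C” in “NCOO” resolves to the super group, which is why that vector limits database creation to super-group users.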
Default Database Security
When a database is first created, either by a client sending a CREATE
DATABASE request or by the USERCAT INSTALL statement, the security of the
database is set to the default Guardian security associated with the user creating the
database.