ODBC Server Installation and Management Manual
Managing the NonStop ODBC Server
HP NonStop ODBC Server Installation and Management Manual—429395-002
4-17
Database Access Controls
Restricting Database Access
The easiest way to limit access to a database is by securing the NonStop ODBC
Server catalog tables for the database appropriately. For example, if the NonStop
ODBC Server catalog tables are secured “CCCO,” only members of the owner’s user
group can access the database. This type of security prevents unauthorized users from
seeing which tables exist in the database. Restricting access to individual SQL/MP
objects within the database should be done by securing the individual SQL/MP tables
and views.
Database Access Controls
NonStop ODBC Server uses information from the SQLConnect command to complete
Guardian user authentication. NonStop ODBC Server aliases allow a user to have
more than one named user context utilizing the connection parameters of username
and datasource. Each user context defines the default catalog, transaction locking,
cursor characteristics, resource policies, and so on. NonStop ODBC Server aliases
and Safeguard aliases can be used together to achieve multiple contexts, individual
user authentication/audit, and a combination of the features provided by each.
Where SQL/MP uses a physical system configuration, NonStop ODBC Server uses a
logical system configuration. NSODBC_SYSTEM_CATALOG points to an SQL system
catalog or user catalog, and indicates a collection of SQL tables used by NonStop
ODBC Server to describe a system configuration or multiple configurations. A NonStop
ODBC Server configuration describes a collection of ODBC databases, their mapping
to SQL/MP catalogs, their logical usernames, and their context specification
(PROFILE).
As an optional feature NonStop ODBC Server can limit which SQL tables are visible,
limit user access (READONLY or READWRITE), and limit which users can create
objects by applying one or more optional settings to ODBC databases and SQL
catalogs.
Limiting Access to One or More Catalogs
The following example shows how to limit user access to one or more catalogs:
1. Choose a subvolume for the ODBC Server System Catalog, and customize it using
the following statement.
ADD DEFINE = _NSODBC_SYSTEM_CATALOG,CLASS CATALOG, SUBVOL
$data1.odbcsys
2. Install the NonStop ODBC Server. For details on how to install the NonStop ODBC
Server, see Installation
on page 1-1.
3. Add each user who is authorized to have access to this particular configuration,
using the following statement:
NOSCOM> ADD USER LOGICAL_NAME GUARDIAN_NAME