ODBC Server Installation and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

Managing the NonStop ODBC Server

HP NonStop ODBC Server Installation and Management Manual—429395-002

4-18

Database Access Controls

4. For each SQL/MP catalog the user is authorized to access, use the following

statement:

NOSUTIL> USERCAT INSTALL $data1.cat1

Users do not have access to tables in catalogs that are not explicitly installed into this

ODBC system configuration. Passthrough commands allows users to issue any

SQL/MP statement directly. However, because each user opens a file as a Guardian-

authenticated user, standard SQL/MP access controls govern access to the catalog.

Limiting the Table Names Listed for a Data Source

For security purposes, or to limit the use of memory resources, you can use the

NonStop ODBC Server shadow catalogs and protection views to restrict the list of table

names returned to an application.

•

Creating a Shadow Catalog For Specific Tables

A shadow catalog is a NonStop ODBC server customized catalog, which contains

logical references to one or more SQL/MP tables that are registered in other

SQL/MP catalogs.

To create a shadow catalog, perform the following steps.

1. Create a shadow catalog in a separate subvolume using the following

statement:

NOSCOM> USERCAT INSTALL \node.$data1.privcat

2. Logically map each table for which access is to be granted in the shadow

catalog.

NOSCOM> ADD TABLE $data2.payroll.y01q01 AS

node_data1_privcat.dbo.y01q01

Only table objects that have been added are now accessible from an application

that is accessing objects in the database or catalog node_data1_privcat.

•

Using a Protection View to Obtain Column Data

A protection view allows you to restrict the amount of table data returned, but provides

associated column data. If you need to restrict the amounts of data returned, but you

need to see the column data, you must add a protection view.

To obtain column data for a limited set of tables, perform the following steps:

1. Add an SQL/MP protection view to the catalog $data1.privcat

SQLCI> CREATE VIEW $data1.privcat.y01q01 AS SELECT * FROM

$data2.payroll.y01q01 FOR PROTECTION

2. Logically map each table in the shadow catalog node_data2_payroll

NOSCOM> ADD VIEW $data1.privcat.y01q01 AS

node_data1_privcat.dbo.y01q01