ODBC Server Installation and Management Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

Managing the NonStop ODBC Server

HP NonStop ODBC Server Installation and Management Manual—429395-002

4-21

PROGID Security

PROGID Behavior

PROGID security affects the behavior of all NOSUTIL statements. Additionally,

PROGID affects the behavior of the SQL/MP utility statements that NOSUTIL uses to

create SQL objects.

The following rules apply to PROGID security:

•

If the PROGID attribute is set, the creation of a NonStop SQL catalog causes each

of the catalog tables (TABLES, COLUMNS, and so on) to have the user ID of the

PROGID-secured program—instead of the user ID of the invoking user or user

program—and a file security of “NNNO,” regardless of the default file security of

the invoking user or the PROGID user ID.

•

If the PROGID attribute is set, access to objects is determined as if the user were

authenticated as the PROGID user ID.

•

If the PROGID user ID is set to a super-group user ID, the management functions

that NOSUTIL by default restricts to only super-group users can be executed by

any user with the right to execute this PROGID-secured NOSUTIL without having

to log on as a super-group user.

These rules can result in perhaps unintended but reasonable and predictable

consequences. The following example demonstrates the result of setting the PROGID

attribute on the NOSUTIL process.

The users involved with this example are as follows:

The PROGID attribute has been set for NOSUTIL; the pertinent characteristics of the

NOSUTIL program file are as follows:

Code ... Owner RWEP ...

NOSUTIL 100P ... 255,127 "NUNU" ...

When SQL.USER1 logs on successfully, the current session environment is

established as follows.

Current volume: $disk1.db1

Saved volume: $disk1.db1

Userid: 175,51 Username: sql.user1 Security: "NNNO"

The system catalog is installed in $SYSTEM.SQL. A SQL user catalog has already

been created in $DISK1.DBA. No SQL files reside in $DISK1.DBB.

Based on the preceding assumptions, user SQL.USER1 can perform any of the

NOSUTIL statements shown in Table 4-2 with all of the privileges of user

SUPER.NSODBC (user ID 255,127), the owner of the NOSUTIL program file.

User Name User ID Default File Security

SUPER.NSODBC 255,127 “NUNU”

SQL.USER1 175,51 “NNNO”