ODBC Server Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

341

342

343

344

345

346

347

348

349

350

Managing Customized Catalogs

HP NonStop ODBC Server Reference Manual—429151-002

7-17

Privileged Users

TDM:

is a required keyword that indicates this is a pass-through statement.

UTIL

is a required keyword that indicates this is a catalog utility statement.

catalog-utility-statement

specifies one of the catalog utility statements listed in Table 7-3. The syntax of the

individual statements is described under Customizing Catalogs.

Specify object names using the Guardian format.

For details about pass-through mode, see Section 6, Using Pass-Through Mode.

Example

The following statement executes the USERCAT REFRESH statement:

select "tdm: util usercat refresh \test.$vol1.persnl"

Privileged Users

Originally, the access rights to perform operations in the NonStop ODBC Server were

based on the user’s login identity. Installation of the system catalog required the user’s

mapped identity to be that of the privileged ID or a privileged user. In addition, any

command that affected more than one user, such as ADD USER for a user not

yourself, required the privileged ID or privileged user identity.

Subsequent releases introduced the Guardian mechanism to set the PROGID attribute

of the NOSUTIL server. This led to a configuration in which the NOSUTIL server could

be designated as privileged and then use Guardian file system or Safeguard access

control to govern which users could use this privileged-set NOSUTIL process to

perform privileged operations.

The NOSUTIL configuration statements require the user to be privileged; otherwise, an

error message of the form “User does not have sufficient privileges to execute

command” is returned.

While the NonStop ODBC Server provides for the definition of user identities, this is

limited to mapping the login user identity to the identifier used for login authentication

and object reference. The NonStop ODBC Server does not determine which login user

identities are privileged by name, but relies on the Guardian and optional Safeguard

authentication mechanisms. The password required by the NonStop ODBC Server in

the login message must be the correct password for the mapped user identifier

determined during login message processing (by lookup or algorithm). There is no way

to switch user identity once the login processing is completed.

Additionally, other processes might return the same or a similar error message that the

user does not have sufficient privileges to complete the work. These exceptions are