SQL/MP Installation and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

141

142

143

144

145

146

147

148

149

150

Creating a Database

HP NonStop SQL/MP Installation and Management Guide—523353-004

5-37

Securing a Base Table

+> CATALOG =MCAT

+> SECURE "NNOO";

--- SQL operation complete.

For more information, see the SQL/MP Reference Manual or the SQLCI HELP entry

for the CREATE TABLE statement

Securing a Base Table

Base tables are the foundation of the database, and base table security ultimately

defines much of the security for views, indexes, and DML statements. The local owner

of an object, a remote owner with purge authority, and the super ID user generally

have the authority to perform DDL operations on existing tables. Anyone with authority

to purge a table can drop the table.

You can alter the security of a table by using the ALTER TABLE statement or the

SECURE command.

Security of Dependent Objects

When you alter the security of a base table, SQL/MP automatically alters the security

attributes for the dependent indexes. The security of dependent protection views might

also be altered if the new security of the table violates the system-enforced relationship

between these objects, as explained later in “Security Guidelines for Protection Views.”

Examples of Securing a Table

These examples show ways of securing a table to control DML access and to control

who has the authority to perform this set of DDL operations. Authority to purge the

table and ownership of the table is required for any of these operations:

•

Create a protection view

•

Create or drop a constraint

•

Create or drop an index

•

Update statistics for a table

•

Alter the attributes

•

Add a partition to a table

•

Add a column to a table

This example shows security that enables any network user to read or write to a table.

Only the product manager (user 200, 255) can perform the listed DDL operations.

$VOL2.APPLTAB.TABLE1 Owner = 200,255

Security = "NN-O"

This example shows security that enables any network user to read a table but restricts

update operations to the local application group. Only the application manager (user

250, 255) has the authority to perform the listed DDL operations.

$VOL2.APPLTAB.TABLE2 Owner = 250,255

Security = "NGOO"