SQL/MP Installation and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

361

362

363

364

365

366

367

368

369

370

Managing a Distributed Database

HP NonStop SQL/MP Installation and Management Guide—523353-004

12-4

Using Catalogs in a Network

Each node must have a system catalog and catalogs for the objects located on that

node. A catalog can hold the descriptions of objects that reside only on the same node.

For example, you cannot describe a table on node \SYSA in a catalog that resides on

node \SYSB.

For distributed and partitioned tables or indexes, you must define a catalog to describe

the partition resident on that node. Partitioned tables and indexes must have the table

or index description in a catalog on each node where any partition resides;

consequently, each node with a partition maintains a copy of the description.

When a distributed SQL object is created, the fully qualified Guardian name of the

object (\system.$vol.subvol.filename) is coded in each catalog that contains a

description of the object and also in the file label.

Managing Network Security

Managing a network-distributed database has additional demands on security and

authorization schemes.

All users of a distributed node must have remote passwords for remote access. All

remote objects and local objects must be secured for network access.

In addition to the authority and security for the SQL objects, statements that require

access to catalogs also require that the remote catalogs be secured for network

access.

For security in a local node in a network, the rule for authority is this: to perform DDL

operations on existing objects you must be the local owner of an object, a remote

owner with authority to purge the object, or the super ID.

Authority to purge the object is required to drop a table, program, or view. Authority to

purge the underlying table is required to drop an index or constraint.

For security on a remote node, the rule for authority is this: to have the authority to

perform DDL operations on an existing object, you must be the remote owner of the

object with authority to purge the object. To drop a table, program, or view, you must

have authority to purge that object. To drop an index or constraint, you must have

authority to purge the underlying table. The super ID does not have the remote

capabilities that the super ID has in the local environment.

Group managers, like other users, must meet the normal purge authority requirements

to perform DDL operations on a remote object; however, a group manager can read,

write, or execute any object owned by any member of the group. The remote object

must be secured for remote access with the letters U, C, or N.