SQL/MP Installation and Management Guide

Planning Database Security and Recovery
HP NonStop SQL/MP Installation and Management Guide 523353-004
• Network databases require remote passwords (at the network level) and network security strings for both catalogs and objects to allow remote access.
• When an SQL object is created, the ownership defaults to the owner of the session or program. The security of the object defaults to either the security of the underlying table or the current default security, unless the statement creating the object provides another security string. Section 5, Creating a Database, contains additional object-specific information about security.
• The security attributes of a table, view, index, or SQL program that runs in the Guardian environment can be changed by an ALTER statement.
• The security string for an object must be set to allow users who have write authority to also have read authority.
• A change in the ownership of an object affects the interpretation of the security string. SQL interprets the security string at run-time against the user ID of the new owner. The change does not apply to a running SQL program until program execution ends.
• The owner and security of an underlying table determine those attribute values for indexes on the table. If you change the owner or security string for the underlying table, SQL automatically changes the owner or security string for any indexes on the table.
• The CLEARONPURGE and NOPURGEUNTIL attributes for a table do not dictate these attribute values for dependent indexes. You can set these two attributes independently for indexes.
• The owner of a base table determines the owner of a dependent protection view. If you change the owner of a table, SQL automatically changes the owner of any dependent protection view.
• If you change the owner of a program, SQL automatically sets the PROGID attribute to NO, regardless of the original setting.
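
The rule above that users with write authority must also have read authority can be checked mechanically across an inventory of objects. The following Python audit is an added example, not part of the original guide. It assumes the usual four-character Guardian "RWEP" security string and the standard meanings of the codes A, G, O, N, C, U and "-", which this page does not spell out; the object names and strings in the sample are constructed.

```python
# Added example: audit Guardian-style "RWEP" security strings for the rule
# that anyone with write authority must also have read authority.
# Code meanings follow the standard Guardian convention (an assumption here;
# this page does not list them).

LOCAL, REMOTE = "local", "remote"
OWNER, GROUP, ANY = "owner", "group", "any"

# Each code maps to the (location, user class) pairs it admits.
# "-" admits only the local super ID, modelled here as the empty set.
ACCESS = {
    "-": frozenset(),
    "O": frozenset({(LOCAL, OWNER)}),
    "G": frozenset({(LOCAL, OWNER), (LOCAL, GROUP)}),
    "A": frozenset({(LOCAL, OWNER), (LOCAL, GROUP), (LOCAL, ANY)}),
    "U": frozenset({(LOCAL, OWNER), (REMOTE, OWNER)}),
    "C": frozenset({(LOCAL, OWNER), (LOCAL, GROUP),
                    (REMOTE, OWNER), (REMOTE, GROUP)}),
    "N": frozenset((loc, cls) for loc in (LOCAL, REMOTE)
                   for cls in (OWNER, GROUP, ANY)),
}

def writers_without_read(security):
    """Return the sorted (location, class) pairs that can write but not read."""
    s = security.strip().strip('"').upper()
    if len(s) != 4 or any(c not in ACCESS for c in s):
        raise ValueError(f"not a 4-character RWEP security string: {security!r}")
    read, write = ACCESS[s[0]], ACCESS[s[1]]
    return sorted(write - read)

def audit(objects):
    """Map object name -> offending pairs, for objects that break the rule."""
    findings = {}
    for name, security in objects.items():
        gap = writers_without_read(security)
        if gap:
            findings[name] = gap
    return findings

# Constructed sample inventory (object names and strings are made up).
SAMPLE = {
    "$DATA.SALES.ORDERS": "NUNU",    # network read, owner-only write: fine
    "$DATA.SALES.PARTS": "OAOO",     # local users can write but not read
    "$DATA.SALES.ODETAIL": "GUGU",   # remote owner can write but not read
    "$DATA.SALES.CUSTOMER": "AGGO",  # local read, group write: fine
}

if __name__ == "__main__":
    for name, gap in audit(SAMPLE).items():
        print(name, "write without read:", gap)
```

The "GUGU" case shows why a simple ranking of the codes is not enough: U admits the owner from a remote node, which G (local group only) does not cover.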
Authorization Requirements for Database Operations
When creating a database, it is important to understand the authority necessary for
various types of operations on tables and programs. Table 4-1 on page 4-6 describes
what authority users must have to use specific statements and commands. For DDL
statements, users must also have authority to read and write to any catalogs affected
by the change.