SQL/MP Installation and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

Planning Database Security and Recovery

HP NonStop SQL/MP Installation and Management Guide—523353-004

4-8

Safeguard Security Product

For a full explanation of the authorization scheme, see the Guardian User’s Guide.

Safeguard Security Product

For additional security protection, you can use the Safeguard product to restrict access

to volumes and subvolumes containing SQL tables, views, indexes, collations, and

SQL programs stored in Guardian files. You can use the Safeguard product to protect

an entire catalog by protecting the subvolume that contains the catalog.

The Safeguard product can authorize or prevent all attempts to access protected

system objects, including disk files, disk volumes and subvolumes, devices, and

named processes. The owner of a system object can create an access control list that

DUP Read authority for objects and files being duplicated; read authority

for the catalogs containing the object descriptions; same authority

as for CREATE statements for the types of objects being duplicated;

and purge authority for target files and objects if purging is

necessary.

EDIT Read and write authority for the file to be edited.

FILEINFO Read authority for each object or file for which statistics are to be

displayed.

INVOKE Read authority for the catalogs containing the object descriptions.

LOAD Read authority for the source file or object; write authority for the

target file or object; and for objects, read authority for the catalogs

containing the object descriptions. If the target file is a table, then

LOAD requires the authority to write to the catalog in which the

table is described.

MODIFY

[DICTIONARY]

Local super ID unless the CHECKONLY option is specified. For a

MODIFY LABEL CHECKONLY request, read authority for the SQL

objects and object programs. For a MODIFY CATALOG

CHECKONLY request, read authority for the catalogs.

PURGE Same authority as for DROP for objects being purged and local

super ID, local group manager, or purge authority for files being

purged.

PURGEDATA Write authority for the files and for the tables and affected catalogs.

SECURE Same authority as for ALTER for the object being secured and

owner of the file, local group manager, or local super ID.

TEDIT Read and write authority for the file to be edited.

UPGRADE

CATALOG

Local owner of the catalog, local super ID, local group manager, or

remote owner with purge authority for the catalog tables, and write

authority for the system CATALOGS table.

UPGRADE SYSTEM

CATALOG

Local super ID.

VERIFY Read authority for the catalogs containing the object descriptions.

Table 4-1. Authorization Requirements (page 3 of 3)