SQL/MP Reference Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series

711

712

713

714

715

716

717

718

719

720

HP NonStop SQL/MP Reference Manual—523352-013

S-13

Process Access IDs

The super ID can act as the owner of any object or file on the node. Certain operations

can be performed only by a user logged on with the super ID.

Process Access IDs

Each executing process on a system has a process access ID (PAID) that determines

the SQL/MP objects and Guardian files the process can access. The process access

ID is always a Guardian user ID.

If you work through TACL, the executing TACL process has a process access ID that is

the Guardian user ID you supplied at logon. If you work through an OSS shell, the

executing shell process has a process access ID that is the Guardian user ID you

supplied at logon.

After logon, each process you start normally inherits the processor access ID of the

process that starts it—so processes you start from the TACL process, such as SQLCI

or host language programs (and any processes you start from those processes),

normally inherit the processor access ID that is also the Guardian user ID you supplied

at logon. In this way, your initial logon usually determines the SQL/MP objects and

Guardian files that you can access.

A process does not inherit the processor access ID of the process that starts it if you

execute a program that has the PROGID file attribute set. The PROGID attribute of a

program file specifies that a process started from that program file should use the

Guardian user ID of the owner of the program file as its process access ID, not the

process access ID of the user who starts the process. When this occurs, the Guardian

user ID of the owner of the program file determines the SQL/MP objects and Guardian

files that the program can access, regardless of the user that executes the program.

The process access ID of the process you are executing (with the Security Strings

page S-14) determines the objects and files you can access with that process.

Therefore, if the SQL documentation says that to perform a certain operation

"you must have authority to ..."

it means that the process access ID of the process you execute must have the

authority. A Group List is associated with a process. Each Guardian user can be a

member of one or more user groups. The Group List is a list of decimal numbers,

specifying the user groups to which the Guardian user belongs. The Group List is

always associated with the creator accessor ID (CAID) of a process, even if the

process is started from a PROGID object file. The Group List is also used (together

with the PAID) to determine the objects and files that you can access with that process.

The owner of an SQL program in a Guardian file can use the ALTER PROGRAM

statement or the SECURE command to set the PROGID attribute of the program file. If

a program is secured with the Safeguard subsystem, the owner can use the Safeguard

255,255 Super ID number

SUPER.SUPER Typical super ID name