SQL/MP Reference Manual

HP NonStop SQL/MP Reference Manual 523352-013
In contrast, the security string “NGNU” specifies that any user on the network can read
or execute the file (the “r” and “e” characters of the security string), but only the
generalized owner or a local user whose user ID has the same Guardian security group
as the owner can write to the file (the “w” character of the security string). Only the
generalized owner can purge the file (the “p” character of the security string). The
generalized owner includes the owner user ID, group manager, and super ID on other
nodes in the network.
Authorization Requirements for SQL Statements
To access an object in a NonStop SQL/MP database, an executing process (an SQLCI
session or a host program) must have a process access ID with the appropriate
authority based on the security string associated with the object. Different SQL
statements have different authorization requirements.
To determine whether a process can update information in a table, for example,
NonStop SQL/MP checks read and write access (checks the process access ID
against the “rw” characters in the security string for the table). To determine whether a
process can change the definition of a table, NonStop SQL/MP also checks read and
write access for the catalog that describes the table (checks the process access ID
against the “rw” characters of the security strings for files in the catalog).
Using SQLCOMP to compile an SQL program requires read and purge authority to the
program file; read and write authority to the PROGRAMS, USAGES, and TRANSIDS
tables of the catalog where the program will be registered; and read and write authority
to the USAGES and TRANSIDS catalog tables of any catalog with a description of a
table or view used by the program.
Executing an SQL program requires read and execute authority to the program file.
Executions that require dynamic recompilation also require read authority to any
catalog with a description of a table or view used by the program.
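
The checks described above, as an added example (not from the HP manual): a simplified Python model that evaluates a four-character security string against a process access ID and then against the file-level authority some operations need. It covers only the N, G, and U codes this page discusses; the Accessor class, the function names, and the operation labels are hypothetical, and the group manager (group,255) and super ID (255,255) values are assumed from Guardian convention.

```python
from dataclasses import dataclass

OPS = "rwep"            # string positions: read, write, execute, purge
SUPER_ID = (255, 255)   # assumption: Guardian convention for the super ID

@dataclass(frozen=True)
class Accessor:         # hypothetical stand-in for a process access ID
    group: int
    user: int
    local: bool         # True when the process runs on the file's node

def is_generalized_owner(acc, owner):
    # Owner user ID, the owner's group manager (group,255), or the super ID.
    return (acc.group, acc.user) in (owner, (owner[0], 255), SUPER_ID)

def code_permits(code, acc, owner):
    if code == "N":     # any user on the network
        return True
    if code == "G":     # generalized owner, or local user in the owner's group
        return is_generalized_owner(acc, owner) or (acc.local and acc.group == owner[0])
    if code == "U":     # generalized owner only
        return is_generalized_owner(acc, owner)
    raise ValueError(f"code {code!r} is outside this simplified model")

def granted(security, acc, owner):
    """Return the set of r/w/e/p operations the string gives this accessor."""
    if len(security) != len(OPS):
        raise ValueError("security string must have four characters")
    return {op for op, code in zip(OPS, security) if code_permits(code, acc, owner)}

# File-level authority this page lists (labels are hypothetical; the catalog
# table checks that SQLCOMP and DDL also need are not modelled here).
REQUIRED = {
    "LOCK TABLE": "r",            # read authority to the table or view
    "UPDATE": "rw",               # read and write access to the table
    "EXECUTE PROGRAM": "re",      # read and execute authority to the program file
    "SQLCOMP program file": "rp", # read and purge authority to the program file
}

def authorized(operation, security, acc, owner):
    return set(REQUIRED[operation]) <= granted(security, acc, owner)

if __name__ == "__main__":
    owner = (8, 44)               # constructed sample owner ID
    for acc in (Accessor(20, 5, False), Accessor(8, 10, True), Accessor(8, 44, True)):
        print(acc, sorted(granted("NGNU", acc, owner)))
```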
The authorization requirements in SQL/MP statements and SQLCI commands are
described with the specific statement or command entries, but Table S-1 summarizes
requirements for the major SQL statements.
Table S-1. Authorization Requirements for SQL Statements (page 1 of 3)

Statement        Authority Required

DCL
LOCK TABLE       Read authority to the table or view and to underlying tables of
UNLOCK TABLE     the view

DDL*
ALTER*           Generalized ownership of the object (or for an index, of the
                 underlying table), program file, or catalog being altered; for a
                 program, you must also have read and write authority to the
                 catalogs that describe the program and the objects referenced
                 in the program