SQL/MX 2.x Installation and Management Guide (G06.24+, H06.03+)
Planning Database Security and Recovery
HP NonStop SQL/MX Installation and Management Guide—523723-004
5-2
Planning Guidelines
•
Managing Permissions for Files in OSS Space on page 11-13
•
Managing Permissions for Files in Guardian Space on page 11-13
•
Securing User Modules on page 11-17
•
Managing Network Security on page 13-11
Planning Guidelines
When you plan your SQL/MX database security you should consider:
•
Database Access and Security
•
OSS File and Directory Security
•
Safeguard Security
Database Access and Security
Access to SQL/MX database objects is governed by access privileges. Access
privileges for SQL/MX tables, views, and indexes are provided through the GRANT
and REVOKE statements.
For detailed information about assigning and removing access privileges for SQL/MX
objects, see Access Privileges for SQL/MX Database Objects on page 7-9 and the
SQL/MX Reference Manual. For detailed information about Guardian security, see the
Security Management Guide.
OSS File and Directory Security
Like Guardian files, each OSS file has an owner and a security string that determines
access to the file. Even though the security string associated with an OSS file provides
a function similar to that of the Guardian file security string, its format differs
substantially.
Permission Codes
The OSS environment uses permission codes to provide security for disk files.
Directories are also protected by permission codes because they are considered to be
a special type of file. The permission code, also known as permission bits, specifies
who has read, write, and execute access permission for the file or directory. You
protect your files and directories by setting and altering their permission codes as
necessary.
The permission code for a file or directory allows you to grant or deny read, write, and
execute permissions for each of three separate classes of users: the file owner, the file
group, and all others. The access permissions are defined as:
•
r (read) for view or print a file, or read a directory
•
w (write) for change or delete a file, or add or delete directory entries