SQL/MX 2.x Installation and Management Guide (G06.24+, H06.03+)

Planning Database Security and Recovery
HP NonStop SQL/MX Installation and Management Guide 523723-004
The super ID can include a umask command in the /etc/profile file to specify the user
mask for all users who log on to the shell. An individual user can also include a umask
command in his or her profile file to establish a personal user mask.
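
The following audit script is an added example, not part of the guide: it reads the last umask command from a system-wide profile and from one user's profile, reports the permissions a newly created file would get, and flags a personal mask that is looser than the system-wide one. It assumes the user's profile is read after /etc/profile so that its umask wins; the function names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: report the user mask that profile files leave in effect.
# File locations are supplied by the caller; nothing here is from the guide.

# Print the operand of the last "umask <octal>" command in file $1, if any.
last_umask() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*umask[[:space:]][[:space:]]*\([0-7][0-7]*\).*$/\1/p' "$1" |
        tail -n 1
}

# Permission bits of a regular file created (as 0666) under umask $1.
new_file_mode() {
    printf '%03o\n' $(( 0666 & ~0$1 ))
}

# Succeeds when personal mask $2 grants bits that system mask $1 withholds.
weakens_system_mask() {
    [ $(( 0$1 & ~0$2 & 0777 )) -ne 0 ]
}

# $1 = system-wide profile, $2 = one user's profile (assumed to be read later).
audit_umask() {
    sys=$(last_umask "$1"); usr=$(last_umask "$2")
    eff=${usr:-$sys}
    if [ -z "$eff" ]; then
        echo "no umask set"; return 0
    fi
    verdict=ok
    if [ -n "$sys" ] && [ -n "$usr" ] && weakens_system_mask "$sys" "$usr"; then
        verdict=WEAKER-THAN-SYSTEM
    fi
    echo "umask=$eff new-file-mode=$(new_file_mode "$eff") $verdict"
}

# Constructed sample profiles (not real system files).
demo_dir=$(mktemp -d)
printf '%s\n' 'PATH=/bin:/usr/bin' 'umask 027' > "$demo_dir/etc_profile"
printf '%s\n' '# personal settings' 'umask 022' > "$demo_dir/user_profile"
: > "$demo_dir/empty_profile"
audit_umask "$demo_dir/etc_profile" "$demo_dir/user_profile"
audit_umask "$demo_dir/etc_profile" "$demo_dir/empty_profile"
```
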
Safeguard Security
For additional security protection, use the Safeguard product to restrict access to
physical Guardian volumes and subvolumes containing the distributed SQL/MX
product component files.
Safeguard and SQL/MX File Security
Safeguard security protection for Guardian files is not extended to SQL/MX files.
Safeguard bypasses SQL/MX files for security violations at the volume and subvolume
level so that any volume or subvolume protection provided by Safeguard does not
apply to SQL/MX objects. As a result, SQL/MX files can be created on a disk volume
that is protected by Safeguard. SQL/MX INITIALIZE SQL and CREATE SCHEMA
operations can create SQL/MX metadata tables on any local disk that is not managed
by SMF.
NonStop SQL/MX recognizes the Guardian user ID, which can be added by
SAFECOM, and records it in the SQL/MX metadata and file labels. However, NonStop
SQL/MX does not recognize or consider the Guardian user group.
NonStop SQL/MX uses its own security mechanism to authorize access to SQL/MX
objects, and Safeguard contains code that specifically supports the SQL/MX security
mechanism. Security for a given SQL/MX object is set at object creation time and is
independent of Safeguard security settings. Subsequent changes to privileges for an
SQL/MX object are performed by GRANT and REVOKE statements independent of
Safeguard regulations. Privileges for accessing SQL/MX objects are stored in SQL/MX
metadata tables and the underlying file labels. These privileges are not visible to
non-SQL/MX users. For more information about GRANT and REVOKE, see Access
Privileges for SQL/MX Database Objects on page 7-9.
OSS Interoperability With Safeguard Security
Safeguard security features affect your use of the OSS environment in these ways:
• All system users are added and managed by using SAFECOM USER commands.
• All user aliases are added and managed by using SAFECOM ALIAS commands.
• All file-sharing groups are added and managed by using SAFECOM GROUP
  commands.
• Safeguard volume protection records can control who is authorized to create disk
  files on specific disk volumes.
Note. SQL/MX module files and some database software components reside in the OSS file
space and are subject to OSS system security.