Manualshelf

SQL/MX 2.x Reference Manual (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Introduction
HP NonStop SQL/MX Reference Manual523725-004
1-5
Security
After you press the MXCI break key, the statement or command terminates, and MXCI
returns this message and prompts you to enter another statement or command:
***WARNING[15033] Break was received.
>>
When you use the MXCI break key to terminate a transaction, the transaction might or
might not be rolled back. Execute the SHOW SESSION command to determine the
status of the transaction.
Security
Authorization to access SQL/MP objects is maintained by the Guardian environment
and checked by NonStop SQL/MP. Each object has associated security values that
determine who can read, write to, execute, and purge the object.
SQL:1999 uses authorization IDs to identify users during the processing of SQL
statements. An SQL/MX authorization ID is a valid Guardian user name, enclosed in
double quotes. Authorization ID is not case-sensitive.
SQL:1999 specifies two special authorization IDs:
PUBLIC - all authorization IDs known to the network at all times
SYSTEM - the implicit grantor of privileges to the creators of objects. You cannot
specify SYSTEM on any DDL statement. It is an internal mechanism, mentioned
here only because it is visible from a query of the metadata.
The PUBLIC identifier specifies all users in the node at present and future times and
can be used in the GRANT and REVOKE statements. SYSTEM cannot be specified in
GRANT and REVOKE statements.
The Super ID
In SQL:1999, the creator of an object is the owner of the object. In addition, NonStop
SQL/MX enables the super ID, corresponding to Guardian user-id (255,255), to act as
the owner of any object on a given node.
The super ID can create objects in a schema owned by any user. However, when the
super ID creates an object in a schema owned by some other user, the actual owner of
that object is that user, not the super ID. In addition to creating objects, the super ID
can grant or revoke privileges on objects on behalf of users who have the privilege of
performing this grant or revoke action.
The super ID can perform DDL operations on any object on behalf of the object’s
owner.