Manualshelf

ALLBASE/SQL Reference Manual (36216-90216)

ManualsBrandsHP ManualsSoftwareMPE/iX 6.5 Operating System
71727374757677787980
Chapter 2 79
Using ALLBASE/SQL
Controlling Database Access
Group members have ownership privileges over all objects owned by their group.
Group members have all privileges granted to the group.
Table owners can add columns to the table or drop the table.
They can add and drop constraints.
They can create and drop indexes for the table. They can grant and revoke authorities
for the table, and transfer their ownership to another owner. They can retrieve data
from the table, change the data, update statistics, lock the table, and create views on
the table. Transferring ownership of a table transfers the ownership of indexes,
constraints, and rules defined on the table. And grantor of privileges by owner also
changes.
Index owners can drop their indexes. The index owner must be the same as the owner
of the table the index is defined upon. Index ownership is transferred along with the
ownership of the table the index is defined upon.
View owners can drop their view. They can grant and revoke authorities for the view
and transfer their ownership to another owner. They can also access data through their
views.
Module owners can execute, validate, and drop their modules. They can grant and
revoke RUN authority for their modules. Ownership of modules cannot be transferred.
Procedure owners can drop their procedures. They can grant and revoke EXECUTE
authority for their procedures, and they can transfer ownership to another owner.
Rule owners can drop their rules. The rule owner must be the same as the owner of
the table the rule is defined upon. Rule ownership is transferred along with the
ownership of the table the rule is defined upon.
Authorization Groups
An authorization group is a named collection of users or other groups. The CREATE GROUP
statement is used to define groups, and the ADD TO GROUP statement is used to associate
individuals or other groups with the group. The GRANT statement assigns authorities to a
group. All three statements are used in the following example:
CREATE GROUP PurchManagers
ADD MARGUERITE@RYAN, RON@HART, SHARON@MULDOON TO GROUP PurchManagers
GRANT SELECT on PurchDB.Parts TO PurchManagers
Any member of the group PurchManagers can select data from table PurchDB.Parts.
Authorization groups have several advantages as described here:
Groups simplify authorization. They make it possible to grant authorities to multiple
users or groups with one GRANT statement. In addition, as new users need authorities,
the DBA can simply add them to a group already possessing the appropriate
authorization.
Groups make control over the type of data access independent of control over who can
access data. For example, the owner of a table can grant different types of access
(SELECT, UPDATE, etc.) to a group; but who belongs to the group is controlled by the
DBA or the group's owner, not by the table's owner.