ALLBASE/SQL Reference Manual (36216-90216)
80 Chapter2
Using ALLBASE/SQL
Controlling Database Access
Classes
A class is a special category of owner that is neither a conventional DBEUserID nor a
group. You may wish to assign ownership of objects to a class when you do not want any
individual or group to have automatic access to them. With class ownership, the DBA
controls all authorities, because objects that belong to a class can be created and
maintained only by the DBA. For a class to be useful, its class name must be different from
the name of any existing DBEUserID or group name.
A DBA can create a class by doing one of the following:
• Creating a table or view with the class name as owner name.
• Preprocessing an application with the class name as owner name.
• Transferring ownership of an object to a class name.
For example, the sample DBEnvironment contains several tables owned by the class
PurchDB. The table PurchDB.Parts was created with the following statement:
CREATE TABLE PurchDB.Parts
(PartNumber CHAR(16) NOT NULL,
PartName CHAR(30),
SalesPrice DECIMAL(10,2))
IN WarehFS;
After creating objects owned by the class, you must grant the specific authorities you wish
users or groups to have. Suppose you have a group PurStaff consisting of DBEUserIDs for
members of the Purchasing department. You could grant authorities to the group as
follows:
GRANT SELECT, UPDATE ON PurchDB.Parts to PurStaff;
Differences between Groups and Classes
You create a group explicitly by using the CREATE GROUP statement. You create a class
implicitly by creating objects that use the class name as the owner name.
A group has members, all of which have the privileges the group has. For example, if a user
is a member of the group Sales, then that user can drop or alter objects owned by Sales.
A class does not have members, nor can it use any authorities, although you can grant
them if you wish. This can be useful in a scenario in which you want to preassign
ownership of objects to a DBEUserID which has no logon ID on your system.