Command Reference Guide
MXCS Commands and Objects
SQL/MX Connectivity Service Administrative Command Reference—526350-005
2-10
Security
Security
MACL has two classes of commands:
Informational commands, which return data. Any user can issue these commands:
INFO
VERSION
Sensitive commands, which change states and values, and add or delete objects.
Only a user with operator permissions can issue these commands:
ADD
ALTER
DELETE
START
STOP
Users issuing sensitive commands are validated against the list of user objects defined
in the MXCS configuration database. Each user object has either operator or user
permissions. Each system has its own set of user object definitions, just as it has its
own MXCS configuration database. For information on managing these objects, see
Section 7, Object User Commands.
Basic security rules are:
Only the user who installed SQL/MX (super ID user, SUPER.SUPER) can modify
the user list.
Only users who have the operator permission in the user list can execute
sensitive commands. The SUPER.SUPER user always has operator
permissions, which cannot be changed.
Everyone has the user permission in the user list by default, so anyone can
execute informational commands. The generic user PUBLIC always has user
permissions, which cannot be changed or removed. Adding individual users with
the user permission is permitted, but is currently unnecessary.
Example MXCS Configuration
The next list of objects and attributes defines the static portion of the MXCS
configuration that appears in all examples in this manual. You start MXCS from a TACL
prompt with a command-line that specifies the service name ($AS in this example), the
Note. Use sensitive commands with caution to prevent disrupting users. Grant the
operator permission only to users trained in ODBC concepts. If several users with the
operator permission are changing things at the same time, maintaining consistency of
object definitions can be at risk.