HP 3000 Manuals

Defining Security [ Getting Started with HP IMAGE/SQL ] MPE/iX 5.0 Documentation


Getting Started with HP IMAGE/SQL

Defining Security 

TurboIMAGE/XL and IMAGE/SQL differ markedly in their implementation of
security systems.

TurboIMAGE/XL Security 

For external security, database users must be valid users in the account
where the root file resides or have access to it through system security
measures.  For internal security, passwords are assigned to numbered
classes.  These classes can be associated with read and write permissions
to items and data sets.  When accessing a database, you must specify a
password that grants you these permissions.  Refer to the TurboIMAGE/XL 
Database Management System Reference Manual for further details on
security.

Granting and Revoking IMAGE/SQL Authorities 

Your user identification within the DBEnvironment is the same as your
system logon.

The creator of the DBEnvironment is called the Database Creator (DBC) and
has Database Administrator (DBA) authority.  The DBA has the
responsibility to GRANT and REVOKE authorities of other users.  These
authorities relate to the DBEnvironment or to specific tables within it.

Some of these authorities allow users to CONNECT to the DBEnvironment and
SELECT, INSERT, and UPDATE against tables.  If you are the creator of a
table, you have OWNER authority over that table, which lets you perform
any operation on it, including granting authorities to other users.

With IMAGE/SQL, by default, the TurboIMAGE/XL creator (or someone who
knows the maintenance word to the TurboIMAGE/XL database) and the DBA of
the DBEnvironment is set up as the DBC with DBA authority within the
DBEnvironment.  Additional users can be added and authorities granted.

Defining IMAGE/SQL Groups 

In IMAGE/SQL, you can define authorization groups and then grant
authorities to them; then you can add users to the groups, at which point
they immediately receive the authorities the group possesses.  This makes
it possible to create an authorization scheme that is independent of any
list of particular users and passwords.  An authorization group may be a
member of another authorization group.

Defining Views in IMAGE/SQL 

A different approach to security is possible in IMAGE/SQL through the use
of views.  For a table that contains some sensitive information and some
widely used information, you can create a view that contains only the
widely used information, grant appropriate access on the view to a wide
range of users, then restrict the access on the base table to only a few
users.
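
The group and view approaches described above can be combined, as in this added example (not part of the original manual). It assumes ALLBASE/SQL-style statements entered by a user with DBA authority; the table, view, column, group and user names are all hypothetical.

```sql
-- Added example. PayrollDB.Employees, StaffDirectory, the group names and
-- the user IDs are hypothetical; statement syntax is assumed to follow
-- ALLBASE/SQL conventions.

-- 1. A view that exposes only the widely used columns of the base table.
--    Sensitive columns (for example a salary column) are simply left out.
CREATE VIEW PayrollDB.StaffDirectory (EmpName, Dept, Phone) AS
  SELECT EmpName, Dept, Phone
    FROM PayrollDB.Employees;

-- 2. Authorization groups: authorities attach to the group, not to a
--    list of individual users.
CREATE GROUP DirReaders;
CREATE GROUP HRStaff;

GRANT CONNECT TO DirReaders;
GRANT SELECT ON PayrollDB.StaffDirectory TO DirReaders;

-- 3. A group can be a member of another group: HRStaff members receive
--    everything DirReaders holds, including CONNECT.
ADD HRStaff TO GROUP DirReaders;

-- 4. Access to the base table itself goes only to the small group.
GRANT SELECT, UPDATE ON PayrollDB.Employees TO HRStaff;

-- 5. Adding users to a group gives them its authorities immediately.
ADD CLERK@SALES, MGR@SALES TO GROUP DirReaders;
ADD ADMIN@HR TO GROUP HRStaff;

-- Removing a member withdraws the authorities held through the group.
REMOVE CLERK@SALES FROM GROUP DirReaders;
```

When reviewing such a scheme, check effective access by following group membership transitively: here ADMIN@HR can read the view only because HRStaff is nested inside DirReaders.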


