TurboIMAGE/XL and IMAGE/SQL differ markedly in their implementation
of security systems.
TurboIMAGE/XL Security |
 |
For external security, database users must be valid users in the
account where the root file resides
or have access to it through system security measures.
For internal security, passwords are assigned to numbered classes.
These classes can be associated with read and write permissions
to items and data sets. When accessing a database, you must specify
a password that grants you these permissions.
Refer to the TurboIMAGE/XL Database Management System Reference Manual for further details on security.
Granting and Revoking IMAGE/SQL Authorities |
 |
Your user identification within the DBEnvironment is the same as
your system logon.
The creator of the DBEnvironment is called the Database Creator (DBC)
and has Database Administrator (DBA) authority. The DBA has the
responsibility to GRANT and REVOKE authorities of other users.
These authorities relate to the DBEnvironment or to specific
tables within it.
Some of these authorities allow users to CONNECT to the DBEnvironment
and SELECT, INSERT, and UPDATE against tables. If you are the creator
of a table, you have OWNER authority over that table, which lets you
perform any operation on it, including granting authorities to other
users.
With IMAGE/SQL, by default, the TurboIMAGE/XL creator
(or someone who knows the maintenance word to the TurboIMAGE/XL database)
and the DBA of the DBEnvironment
is set up as the DBC with
DBA authority within the DBEnvironment. Additional users can be
added and authorities granted.
Defining IMAGE/SQL Groups |
 |
In IMAGE/SQL,
you can define authorization groups and then grant authorities to
them; then you can add users to the groups, at which point they
immediately receive the authorities the group possesses. This
makes it possible to create an authorization scheme that is independent
of any list of particular users and passwords. An authorization group
may be a member of another authorization group.
Defining Views in IMAGE/SQL |
 |
A different approach to security is possible in IMAGE/SQL
through the use of views. For a table that contains some sensitive
information and some widely used information,
you can create a view that contains only the widely-used information,
grant appropriate access on the view to a wide range of users,
then restrict the access on the base table to only a few users.