 |
» |
|
|
|
|
|
3.3 Explain the grant statement
Key points
- When you grant SELECT, UPDATE, INSERT, or DELETE authority, you must specify
a Table or View name.
- CONNECT authority is the ability to issue the
CONNECT
statement (in other words, to simply attach to the DBEnvironment).
When a normal user initiates access to the DBEnvironment, he or she must
issue the CONNECT statement. If the user has not been granted CONNECT
authority (or has not been added to a group to which CONNECT authority has
been granted), the CONNECT statement will fail and no database access will
be possible. SQL CONNECT authority is more restrictive than TurboIMAGE
passwords, because it is not possible for an unauthorized user to use a
password. However, it is still possible for an unauthorized user to
gain entry to a DBEnvironment if the System Manager allows multiple users
to share the same user and account logon information at the MPE level.
Any user or group that has been granted CONNECT authority is part of a
special "group" known as PUBLIC. Granting an authority to PUBLIC is an
easy way to provide access on same table or view to many users.
- DBA authority is the ability to issue any valid SQL statement. A user
with DBA authority is exempt from all authorization restrictions. In the
SQL world, DBA authority is similar to SM capability on MPE/iX, or being
the superuser on HP-UX. The number of users having DBA authority should
be small for a production DBEnvironment.
- RESOURCE authority is the ability to create tables and authorization
groups.
- You cannot grant CONNECT authority to PUBLIC, because PUBLIC is defined as
the set of users and groups that have been granted CONNECT authority.
You also cannot grant DBA or RESOURCE authority to PUBLIC.
Page last updated on November 29, 1995
|
|
|
Printable version
