Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
HP.com home
 Jazz home  >  Papers & Training

IMAGE/SQL: Issues and answers concerning SQL tables
» 

Jazz home
»

Software
»

Papers & Training
»

Java
»

HP Partners
»

News & Events
»

Register for more info
Content starts here
Prev Page Next Page Manual Top Home Page


3.6 How is SQL security implemented by IMAGE/SQL (continued)?


Key points


When you issue an IMAGESQL ADD USER command, certain SQL statements are executed behind the scene for you.

  • If this is the first user to be added for the class/password, then IMAGESQL does the following:

    • IMAGESQL issues a CREATE GROUP statement for the class/password. The name of the group is the "TurboDB name" + "_class number". For example: 
      CREATE GROUP music_20;
    • IMAGESQL issues a GRANT statement so that anyone in the group can connect to the DBEnvironment, and also an ADD TO GROUP statement to put DIR@ACCOUNT into the new group. 
      GRANT CONNECT TO music_20;
ADD DIR@ACCOUNT TO GROUP music_20;
    • IMAGESQL issues a CREATE VIEW statement for each data set that the user class is allowed to access, according to the TurboIMAGE schema. Only the data items that the class is authorized to access are visible in the view. The name of the view has a '_V' and the class number appended at the end. 
      CREATE VIEW music.albums_v20 ...;
CREATE VIEW music.composers_v20 ...;
    • Finally, IMAGESQL performs a GRANT on the new view, so that anyone in the group has the appropriate authorities on the view. In our example, class 20 has write access (also known as full data access) according to the TurboIMAGE schema. Write access maps to SELECT, UPDATE, INSERT, and DELETE authorities in SQL:

      GRANT SELECT,UPDATE,INSERT,DELETE on music.albums_v20 TO music_20;
      GRANT SELECT,UPDATE,INSERT,DELETE on music.composers_v20 TO music_20;

  • If this is the second (or other) user for the class/password, then IMAGESQL simply issues an ADD TO GROUP statement to add the new user to the appropriate group for the class/password. 
    IMAGESQL "" ADD USER PINKY@ACCOUNT WITH CLASS=20, MODE=1

     SQL => ADD PINKY@ACCOUNT TO GROUP music_20;
  • When users in the group want to access information in the TurboIMAGE data set, they must use the view that has been set up for them: 
    isql => select * from music.albums_v20;
Prev Page Next Page Manual Top Home Page

Page last updated on November 29, 1995

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2004 Hewlett-Packard Development Company, L.P.