HP 3000 Manuals HP 3000 Manuals
About IMAGE/SQL Security
IMAGE/SQL enforces TurboIMAGE/XL database security. That is, SQL users
can access only the data defined for them in the TurboIMAGE/XL database
schema.
To accomplish this, during an attach, only the DBC is defined as an SQL
user. This user has access to all the mapped tables in the database.[REV
BEG] The DBC must explicitly add all other IMAGE/SQL users by associating
each user class or password with a DBEUser_ID.[REV END] A view is then
created for each mapped table to which the DBEUser_ID has access. This
view is based on information in the TurboIMAGE/XL root file and permits
user classes to see the data defined for them in the TurboIMAGE/XL
schema. Users, including user class 0, must know the names of the views
to which they have access.
IMAGE/SQL utility security can be modified only by someone who is both
the DBC and a DBA of the respective database management systems.
Controlling IMAGE/SQL User Access
IMAGE/SQL takes the following steps to control users' access to
TurboIMAGE/XL data (see Figure 3-4 ):
* When an SQL user is added, IMAGE/SQL creates an SQL authorization
group.[REV BEG] The name of this group is based on the user class
or the user class of the password named in the ADD USER
command.[REV END] The naming convention for this group is
OwnerName_UserClass#. The new DBEUserID (User@Account) is then
added to this group.
One view is then created for each data set the user class is
allowed to access. The naming convention for these views is
OwnerName.MappedTableName_VUserClass#.
If data is not password-protected, user class 0 is assumed and
views of this data are created for user class 0.
* When an SQL user is deleted, the DBEUserID is removed from the SQL
group associated with the TurboIMAGE/XL user class. Note that the
group itself and the corresponding views remain in the
DBEnvironment because other user-created views may be based on
these views.
* When the database is detached, all views based on mapped tables,
including user-created views, are dropped.
![[]](../../pic3k/M016883/FFN653c50.gif)
Figure 3-4. IMAGE/SQL Security Mapping
IMAGE/SQL Data Type Mapping
IMAGE/SQL maps all TurboIMAGE/XL data types to the closest equivalent SQL
data types. Sometimes completely compatible choices are not available,
or more than one viable alternative exists. In these cases, IMAGE/SQL
chooses default data types for you, but also provides alternative data
type mapping that you can select if it more closely meets your particular
needs.
Note that when alternative data type mapping is selected, all
user-created views containing the mapped data type are dropped.
Therefore, it is advisable to perform alternative data type mapping
before users have had the opportunity to create views.
For specific information about IMAGE/SQL default data type mapping and
alternative choices, refer to Table 2-6 in Chapter 2 (Task 4).
At Run Time
At run time, SQL turns all mapped table queries over to IMAGE/SQL. Using
the mapping information in the ATCINFO file, IMAGE/SQL makes the
appropriate TurboIMAGE/XL calls, retrieves the data from the
TurboIMAGE/XL database, and returns the data to SQL in the correct SQL
format (see Figure 3-5 .)
![[]](../../pic3k/M016883/FFN663c50.gif)
Figure 3-5. IMAGE/SQL at Run Time
Note that the data is retrieved from the TurboIMAGE/XL database. Only
the mapped table definitions actually reside in the DBEnvironment.[REV
BEG] The ALLBASE/SQL Optimizer decides which indices, if any, to use and
the proper order of operation to ensure that the most efficient path is
used. Data is retrieved more efficiently when a mapped column represents
a TurboIMAGE/XL search item, key item, or an item which has a B-Tree
index (explicit or implicit) or a third-party index.[REV END]