Differences in Security [ Up and Running with ALLBASE/SQL ] MPE/iX 5.0 Documentation
Up and Running with ALLBASE/SQL
Differences in Security
TurboIMAGE and ALLBASE/SQL differ markedly in their implementation of
security systems.
TurboIMAGE Security
Access to a TurboIMAGE database is controlled partly by MPE file system
security, which the user must pass, and partly by user classes and
passwords assigned within the schema. Externally, database users must be valid
users in the account where the root file resides. For internal security,
you define a numbered set of classes and assign passwords to them, then
you add the classes that have read and/or write access to each data item
and data set description in the schema. When accessing the database, you
must specify a password, which assigns you to a user class with
particular permissions in the database.
Granting and Revoking Authorities
In ALLBASE/SQL, the DBA (database administrator) GRANTs and REVOKEs
authorities that relate to the DBEnvironment as a whole or to specific
tables within it. If you are the DBEnvironment's creator, you have DBA
authority. Users can CONNECT to a DBEnvironment if the DBA grants
CONNECT authority to their DBEUserIDs, which are related to their login
names. It is possible to CONNECT to a DBEnvironment from any account.
If you are the creator of a table, you have OWNER authority over it,
which lets you perform any operation on it, including granting
authorities to other users. Table authorities include the ability to
SELECT, DELETE, INSERT, and INDEX. UPDATE authority can be granted for
individual columns in a table or for the table as a whole.
Defining ALLBASE/SQL Groups
In ALLBASE/SQL, you can define authorization groups and then grant
authorities to them; then you can add users to the groups, at which point
they immediately receive the authorities the group possesses. This makes
it possible to create an authorization scheme that is independent of any
list of particular users and passwords. An authorization group may be a
member of another authorization group.
Defining Views in ALLBASE/SQL
A different approach to security is possible in ALLBASE/SQL through the
use of views. For a table that contains some sensitive information and
some widely used information, you can create a view that contains only
the widely used information, grant appropriate access on the view to a
wide range of users, then restrict access on the base table to only a
few users.
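
The following script is an added example, not part of the original manual, that combines the group and view techniques described above so that authorities attach to roles rather than to individual users. The table Payroll.Employees, the groups StaffGrp and HRGrp, and the DBEUserIDs (written here in user@account form) are constructed names; the script assumes it is run by a user with DBA authority and that the base table carries no grants to PUBLIC.

```sql
/* Constructed schema: Payroll.Employees (EmpNo, Name, Dept, Phone, Salary).
   Salary is the sensitive column; the rest is widely used.
   All user, group and table names below are hypothetical. */

/* 1. DBEnvironment-level authority: allow each user to CONNECT. */
GRANT CONNECT TO CLERK1@SALES;
GRANT CONNECT TO CLERK2@MFG;
GRANT CONNECT TO ANNA@HR;

/* 2. View that exposes only the non-sensitive columns. */
CREATE VIEW Payroll.EmpDirectory (EmpNo, Name, Dept, Phone) AS
  SELECT EmpNo, Name, Dept, Phone
    FROM Payroll.Employees;

/* 3. Authorization groups stand in for roles. */
CREATE GROUP StaffGrp;
CREATE GROUP HRGrp;

/* 4. Grant to the groups, never to individuals.
      StaffGrp sees the view only; HRGrp reads the base table and
      may UPDATE two named columns, but not Salary. */
GRANT SELECT ON Payroll.EmpDirectory TO StaffGrp;
GRANT SELECT ON Payroll.Employees    TO HRGrp;
GRANT UPDATE (Dept, Phone) ON Payroll.Employees TO HRGrp;

/* 5. Membership: users receive the group's authorities as soon as
      they are added. A group can be a member of another group, so
      HRGrp inherits directory access through StaffGrp. */
ADD CLERK1@SALES, CLERK2@MFG TO GROUP StaffGrp;
ADD ANNA@HR TO GROUP HRGrp;
ADD HRGrp TO GROUP StaffGrp;

/* 6. Offboarding: one membership change removes every table
      authority the user held through the group; revoking CONNECT
      closes the DBEnvironment to that DBEUserID. */
REMOVE CLERK2@MFG FROM GROUP StaffGrp;
REVOKE CONNECT FROM CLERK2@MFG;
```

Because no authority is granted directly to a DBEUserID apart from CONNECT, reviewing who can read Salary reduces to reviewing the membership of HRGrp.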