|
|
ALLBASE/SQL Database Administration Guide: HP 3000 MPE/iX Computer Systems > Chapter 8
System CatalogSystem.Colauth |
|
SYSTEM.COLAUTH contains records of authorities granted on specific columns in a table or view; it does not contain records of UPDATE authorities granted on an entire table or view. UPDATE and REFERENCES authorities are the only authorities which can be granted on specific columns. UPDATE and REFERENCES authorities granted on a table or view basis instead of a column-by-column basis are recorded in SYSTEM.TABAUTH (refer to SYSTEM.TABAUTH). ALLBASE/SQL uses SYSTEM.COLAUTH to verify a user's UPDATE authority prior to executing an UPDATE statement. If the user's UPDATE authority was not found in SYSTEM.TABAUTH or SYSTEM.COLAUTH, ALLBASE/SQL will issue an error message. ALLBASE/SQL uses SYSTEM.COLAUTH to verify a user's REFERENCES authority prior to executing a CREATE TABLE statement containing referential constraint definitions. If the user's REFERENCES authority was not found in SYSTEM.TABAUTH or SYSTEM.COLAUTH, ALLBASE/SQL will issue an error message. SYSTEM.COLAUTH is initially empty, and is revised whenever an UPDATE authority on specific columns is granted or revoked. Each row specifies a particular table (or view) column on which UPDATE authority has been granted. If no column is entered, the authority is granted for all of the columns in the table or view. For example, if you grant UPDATE authority to PETER@CRANE:
SYSTEM.TABAUTH would contain a row with a DBEUserID of PETER@CRANE, a TableName of Inventory, a C in the UPDATE column, and a 3 in the NCOL column. SYSTEM.COLAUTH would contain three entries for DBEUserID PETER@CRANE; one for each of the three listed columns. If UPDATE authority was granted without specifying specific columns, SYSTEM.TABAUTH would contain a row with a Y in the update column and SYSTEM.COLAUTH would not contain any rows. This view, along with SYSTEM.MODAUTH, SYSTEM.PROCAUTH, SYSTEM.SPECAUTH, and SYSTEM.TABAUTH, contains the security scheme for the DBEnvironment. When you create a PUBLIC or PUBLICREAD table, ALLBASE/SQL implicitly grants table authorities to the special user PUBLIC. In this case, the GRANTOR column contains the table owner name and the GRANTABLE column contains an N to indicate that privileges cannot be granted. Table 8-5 System.Colauth
|
|