IMAGE/SQL Administration Guide: HP 3000 MPE/iX Computer Systems > Chapter 3 Understanding IMAGE/SQLAbout IMAGE/SQL Security |
|
IMAGE/SQL enforces TurboIMAGE/XL database security. That is, SQL users can access only the data defined for them in the TurboIMAGE/XL database schema. To accomplish this, during an attach, only the DBC is defined as an SQL user. This user has access to all the mapped tables in the database. The DBC must explicitly add all other IMAGE/SQL users by associating each user class or password with a DBEUser_ID. A view is then created for each mapped table to which the DBEUser_ID has access. This view is based on information in the TurboIMAGE/XL root file and permits user classes to see the data defined for them in the TurboIMAGE/XL schema. Users, including user class 0, must know the names of the views to which they have access. IMAGE/SQL utility security can be modified only by someone who is both the DBC and a DBA of the respective database management systems. IMAGE/SQL takes the following steps to control users' access to TurboIMAGE/XL data (see Figure 3-4 “IMAGE/SQL Security Mapping”):
IMAGE/SQL maps all TurboIMAGE/XL data types to the closest equivalent SQL data types. Sometimes completely compatible choices are not available, or more than one viable alternative exists. In these cases, IMAGE/SQL chooses default data types for you, but also provides alternative data type mapping that you can select if it more closely meets your particular needs. Note that when alternative data type mapping is selected, all user-created views containing the mapped data type are dropped. Therefore, it is advisable to perform alternative data type mapping before users have had the opportunity to create views. For specific information about IMAGE/SQL default data type mapping and alternative choices, refer to Table 2-6 “IMAGE/SQL Data Type Mapping Defaults and Alternatives” in Chapter 2 (Task 4). At run time, SQL turns all mapped table queries over to IMAGE/SQL. Using the mapping information in the ATCINFO file, IMAGE/SQL makes the appropriate TurboIMAGE/XL calls, retrieves the data from the TurboIMAGE/XL database, and returns the data to SQL in the correct SQL format (see Figure 3-5 “IMAGE/SQL at Run Time”.) Note that the data is retrieved from the TurboIMAGE/XL database. Only the mapped table definitions actually reside in the DBEnvironment. The ALLBASE/SQL Optimizer decides which indices, if any, to use and the proper order of operation to ensure that the most efficient path is used. Data is retrieved more efficiently when a mapped column represents a TurboIMAGE/XL search item, key item, or an item which has a B-Tree index (explicit or implicit) or a third-party index. |