You can provide security for data at the level of the DBEnvironment itself, or at the level of individual tables. At the DBEnvironment level, you can provide CONNECT authorization to just those users who need access.
ALLBASE/SQL also has several kinds of table authorities, so that you can control the kind of access that is possible for different users of each column in each table. For each table, you should ask the following questions:
Which users need to SELECT?
Which users need to add new rows or delete existing rows?
Which users need to modify existing rows?
You can classify the users with similar needs by creating a group and then adding those users to it. Make a list of the user groups you need to accomodate in the security design. For example, the Music database might have the following groups and authorities:
| Group Name | Type of Authority |
|---|
| Managers group | ALL authorities on all tables |
| Announcers group | INSERT authority on Log table, SELECT on others |
| Librarians group | ALL authorities on Albums, Titles, and Composers tables |
After creating groups, you can grant and revoke authorities to individual users or groups for each table.
Do some tables require general access for most columns but restricted access for some? For these, you can create views,
which can be made available to all users while the base table is restricted to those with a need to manipulate all columns.
