HPlogo Up and Running with ALLBASE/SQL: HP 3000 and HP 9000 Computer Systems > Chapter 3 Setting Up a Database with ISQL

Granting Authorities
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Because you created MUSICDBE, you have DBA (database administrator authority), which lets you grant authorities to other users. In a simple authorization scheme, you first grant CONNECT authorization to permit access to the DBEnvironment itself. Then you grant table authorities to specific users or groups of users. You can also include the special user PUBLIC, which includes anyone who has the authorization to CONNECT to the DBEnvironment. Use the following statements to create an authority scheme for two groups of users, announcers and librarians, while excluding all others (PUBLIC). First, create two authorization groups:

   isql=> CREATE GROUP Librarians; Return

   isql=> CREATE GROUP Announcers; Return

Next, add users. In MPE/iX:

   isql=> ADD Ann@Library, Peter@Library TO Return

   > GROUP Librarians; Return

   isql=> ADD Fred@Control, Julia@Control TO Return

   > GROUP Announcers; Return

In HP-UX:

   isql=> ADD Ann, Peter TO Return

   > GROUP Librarians; Return

   isql=> ADD Fred, Julia TO Return

   > GROUP Announcers; Return

Next, grant the needed authorities, as follows:

   isql=> GRANT CONNECT TO Return

   > Announcers, Librarians; Return

   isql=> GRANT ALL ON Albums Return

   > TO Librarians; Return

   isql=> GRANT ALL ON Titles Return

   > TO Librarians; Return

   isql=> GRANT SELECT ON Albums Return

   > TO Announcers; Return

   isql=> GRANT SELECT ON Titles Return

   > TO Announcers; Return

Finally, revoke authorities on PUBLIC tables from PUBLIC:

   isql=> REVOKE ALL ON Albums Return

   > FROM PUBLIC; Return

   isql=> REVOKE ALL ON Titles Return

   > FROM PUBLIC; Return

   isql=> COMMIT WORK; Return

Because you created these tables as PUBLIC (shareable by everyone) in an earlier step, you need to remove authorities from PUBLIC. This retains the locking characteristics of PUBLIC tables while restricting access to just those users specified in your GRANT statements. This is the normal procedure for tables that will have restricted but still multi-user access in the DBEnvironment.

You can also use views to provide restricted access to portions of tables. After creating the view, you can grant access on it to a specific user or group:

   isql=> GRANT SELECT ON Selections TO PUBLIC; Return


Creating Views
  		 


Creating an Index  
Feedback to webmaster