CA Datacom SQL Security › Plan Security › Plan Options in Plan Security

Plan Options in Plan Security

This section describes the four plan options used in plan security: CHECKPLAN=, CHECKWHEN=, CHECKWHO=, and SAVEPLANSEC=.

Following is a chart showing which combinations of CHECKWHO=, CHECKWHEN=, and CHECKPLAN= are valid. Refer to this chart when studying the descriptions that begin on the following page.

Description of Options

CHECKPLAN=

This plan option allows the creator of a plan to specify whether that plan is to be secured.

If CHECKPLAN=Y, any accessor ID which attempts to execute the plan must have the PLAN EXECUTE privilege for that plan.

If CHECKPLAN=N, any accessor ID can execute the plan (table-level privileges, however, are still checked).

For the chart showing the valid combinations of CHECKPLAN=, CHECKWHEN=, and CHECKWHO=, see Plan Options in Plan Security.

Valid Entries:

Y or N

Default Value:

CHECKPLAN=N is the default only if the CHECKPLAN= parameter in the PLANSEC Multi-User startup option was not specified. If the CHECKPLAN= parameter in PLANSEC was specified, its value is the default here.

Note: For more information about Multi-User startup options, see the CA Datacom/DB Database and System Administration Guide.

CHECKWHEN=

Specifies whether table-level privileges are to be checked at bind or runtime.

If CHECKWHEN=BIND, then CHECKWHO=BINDER must be specified (it is impossible for SQL to know all potential executors). Similarly, if CHECKWHO=ACCESSOR, then CHECKWHEN=EXECUTE must be specified.

For the chart showing the valid combinations of CHECKPLAN=, CHECKWHEN=, and CHECKWHO=, see Plan Options in Plan Security.

Valid Entries:

BIND or EXECUTE

Default Value:

EXECUTE is the default only if the CHECKWHEN= parameter in the PLANSEC Multi-User startup option was not specified. If CHECKWHEN= in PLANSEC was specified, its value is the default here.

Note: For more information about Multi-User startup options, see the CA Datacom/DB Database and System Administration Guide.

CHECKWHO=

Used to specify whether table-level privileges are checked at bind or execute time, and whether the access rights of the binder or the executor are checked. If CHECKWHO=BINDER, the only privilege needed by an accessor ID to run that plan is the PLAN EXECUTE privilege (all table-level privileges required to execute the plan are checked using the binder's accessor-ID). Since the CHECKWHO=BINDER type of plan allows the binder to effectively grant temporary privileges to accessors who use the plan, the ability to create CHECKWHO=BINDER plans must be strictly controlled. To create a CHECKWHO=BINDER plan, you must possess the CHECKBINDER system privilege. For information about the granting and revoking of the CHECKBINDER system privilege, see CHECKBINDER System Privilege.

Because it is impossible for SQL to know all potential executors, specify CHECKWHO=BINDER if CHECKWHEN=BIND and CHECKWHEN=EXECUTE if CHECKWHO=ACCESSOR.

For the chart showing the valid combinations of CHECKPLAN=, CHECKWHEN=, and CHECKWHO= earlier in this topic.

Valid Entries:

ACCESSOR or BINDER

Default Value:

ACCESSOR is the default only if the CHECKWHO= parameter in the PLANSEC Multi-User startup option was not specified. If the CHECKWHO= parameter in PLANSEC was specified, its value is the default here.

Note: For more information about Multi-User startup options, see the CA Datacom/DB Database and System Administration Guide.

SAVEPLANSEC=

Use this option to specify whether to drop or not to drop security privileges granted on a PLAN when a program is re-preprocessed.

SAVEPLANSEC=Y means PLAN privileges are not dropped and therefore do not have to be regranted after re-preprocessing a program.

SAVEPLANSEC=N means PLAN privileges are dropped (revoked).

Valid Entries:

Y or N

Default Value:

N