In the SQL Security Model, the creator of the table controls the resource. Anyone who has CATALOG authority for a database can create tables in that database. CATALOG authority is maintained in CA Datacom/DB using an external security product. Tables created by SQL after SQL security is in force for the database, are controlled by the table creator. The creator of a table has ALTER, DROP, and GRANT authority on that table. The table creator grants access authority to users and can optionally give users the ability to grant rights to others.
In addition to the table creator, the Security Administrator also has ALTER, DROP, and GRANT authority on SQL tables. In external CA Datacom/DB security, Security Administrators are defined to the DTADMIN resource class.
Tables do not have a table creator if they were created by an SQL CREATE statement before the SQL Security Model was in force, of if they were created in CA Datacom Datadictionary. In this case, the Security Administrator must issue the first GRANT statement for the table.
SQL plans are securable resources. The user who creates the plan must have all the appropriate access rights for the table(s), view(s), synonym(s), and column(s) used in the plan.
Once a plan is created, the plan owner can grant to others the ability to use the plan even if they do not have the specific access rights required to bind the plan. Plan creators can therefore lend their access rights to other users while executing a specific plan, but without granting those users generic access rights to the resources used by the plan.
The specific access rights and commands involved in using plan security are discussed in Plan Security.
|
Copyright © 2014 CA.
All rights reserved.
|
|