Previous Topic: Data Manipulation Language (DML) Transaction Level OperationsNext Topic: Data Control Language (DCL) Operations

CA Datacom SQL SecurityImplementing the SQL Security ModelSQL Statements and SQL Security Access RightsData Definition Language (DDL) Operations

Data Definition Language (DDL) Operations

Statement

Authorization
Required

Authorization
Implications

COMMENT ON

Creator of the view or table.

None

ALTER TABLE

ALTER access for the table. *

None

CREATE INDEX

INDEX access for the table being indexed.

None

CREATE SCHEMA

Accessor must be a Global Owner and have the access rights required to execute statements (such as CREATE TABLE) included in the CREATE SCHEMA statement.

The only security effects are those of the statements included in the CREATE SCHEMA statement.

CREATE SYNONYM

None

The owner of the synonym (the ID executing the CREATE VIEW statement) is recorded in CA Datacom Datadictionary.

CREATE TABLE

CATALOG access for the database in which the table
is created. (CATALOG rights are granted with the Online Security Maintenance
Facility.)

The user is the owner of the created table with grantable SELECT, UPDATE, INSERT, DELETE, and ALTER access rights.

CREATE VIEW

SELECT access for each
table or view in the
statement (or PUBLIC must have the SELECT access
right for that table or view).

The creator of the view always acquires the SELECT access right on the view. The SELECT access right is grantable only if the creator has the grantable SELECT access right on every table or view identified in the first FROM clause of the SELECT statement of the view. The creator also acquires any other access right that can apply to the view and that is an access right which the creator has been granted on the tables or views identified in the first FROM clause of the SELECT statement of the view.

The access right is grantable only if all of the access rights from which it is derived are grantable. No column-level access rights are automatically granted. If the accessor has UPDATE access rights at only the column level for a table or view in the subselect, the UPDATE access right is not inherited for the view.

DROP INDEX

INDEX access for the table being indexed.

None

DROP SYNONYM

Creator of the synonym or a Global Owner. *

None

DROP TABLE

Creator of the table or owner of the database containing
the table. *

All owner definitions and all authorizations involving the table are revoked.

DROP VIEW

Creator of the view or a Global Owner. *

All authorizations on the view are revoked.

* CA Datacom/DB does not process a DROP or ALTER statement and returns a -118 SQL return code when the CA Datacom Datadictionary entity-occurrence definition of the table, view, or synonym specified is protected with a password or a Lock Level 1 or 2. For more information about passwords and lock levels, see the CA Datacom Datadictionary documentation.