Authorizing Users for Row-level Security

Administrative Functions of ASF › Restricting ASF Users › Limiting Row-level Security Authorization › Authorizing Users for Row-level Security

Authorizing Users for Row-level Security

Give Access to SRT

At installation time, the only user authorized to use row-level security is CULL DBA. If users are to apply row-level security to their tables, they must have the authority to access the SRT. However, the SRT itself is protected by row-level security. As a result, users must be associated with the SRT's security name, SRTSECNM.

To give users authority to access the SRT, the DBA must first access the RLOD screen:

Type rlod in the screen name field of any screen or choose the SRT on the SYST screen and press [PF3].
At the RLOD screen, enter the information listed below. If you are granting access to an individual user, enter the user ID and leave the group ID blank. If you are granting access to a group (you must have CA-ICMS installed), leave the user ID blank and enter the group ID.
- GROUP—The group to have access to row-level security.
- USER—The user to have access to row-level security.
- OWNER—The owner of the SRT table; type idbsystem.
- SECURITY-NAME—The security name associated with the SRT; type srtsecnm.
- WHERE-CLAUSE—The user or group ID of the person or group being authorized to establish security. You should normally allow each user to see only the information associated with his own tables. To do this, specify owner eq user-id.
  If you leave this field blank, you automatically grant DBA authority to that user or group.
Press [PF1] to add the row to the SRT table.
Press [PF4] to validate the entry.

CA NO ERRORS ON VALIDATION $SECURITY-RUNTIME-TABLE$ GROUP USER OWNER SECURITY-NAME STATUS WHERE-CLAUSE

Note: When a table is deleted, the SRT entries are not automatically deleted.

If you delete the CULL DBA entry in the SRT without having previously added another user to the SRT (with administrator authority), you will have to initialize ASF in order to access the SRT again.