About tables
When you secure resource type DB, you can control who can create and access a table-like object. Until you secure resource type DB, any user can create and access a table-like object.
How to Secure Tables
You secure tables by securing the DB resource.
Note: For more information, see Securing Databases.
If you secure tables externally, you must also include an entry in the SRTT with external security information for resource type TABL.
How to Grant Table Definition Privileges
To allow a user to create a table-like object, you issue a GRANT statement on the table-like object, specifying the privilege or privileges and identifying the object. You can specify any combination of CREATE, ALTER, DISPLAY, and DROP privileges, or you can specify all definition privileges (DEFINE). You can also specify the REFERENCES privilege.
Note: REFERENCES privilege allows the user to create a constraint that names the table as the referenced table in the constraint.
As a holder of SYSADMIN or DBADMIN privilege or as owner of the table-like object, you can specify WITH GRANT OPTION when you grant definition privileges to allow the recipient to grant the same privileges to another user.
Note: For more information, see GRANT SQL Definition Privileges and see REVOKE SQL Definition Privileges"
For more information about creating tables and constraints, see the CA IDMS SQL Reference Guide.
How to Grant Table Access Privilege
To allow a user to access a table-like object, you issue a GRANT statement on the table-like object, specifying the privilege or privileges. You can specify any combination of DELETE, INSERT, SELECT, and UPDATE privileges.
As a holder of SYSADMIN or DBADMIN privilege, or as owner of the table-like object, you can specify WITH GRANT OPTION when you grant access privileges to allow the recipient to grant the same privileges to another user.
Note: For more information, see the following sections:
How to Grant All Table Privileges
You can grant all definition and access privileges on a table-like object with the GRANT ALL PRIVILEGES statement.
As a holder of SYSADMIN or DBADMIN privilege, or as owner of the table-like object, you can specify WITH GRANT OPTION when you grant all table privileges to allow the recipient to grant the same privileges to another user.
Note: For more information, see the following sections:
Securing Access to Table Definitions
You can allow limited access to table definitions by granting users privilege on SYSCA views.
SYSCA views restrict access to information in the SYSTEM tables to viewing definitions of only those tables on which the executing user holds SELECT privilege. SYSCA information about tables on which the executing user does not hold SELECT privilege. Therefore, a user who holds privilege on SYSCA views and not on SYSTEM tables must have the authority to retrieve data from a table in order to be able to view the definition of the table.
Note: For more information about SYSCA views, see the CA IDMS SQL Reference Guide.
|
Copyright © 2014 CA.
All rights reserved.
|
|