HP 3000 Manuals HP 3000 Manuals
About IMAGE/SQL Security
IMAGE/SQL enforces TurboIMAGE/XL database security. That is, SQL users
can access only the data defined for them in the TurboIMAGE/XL database
schema.
To accomplish this, during an attach, only the DBC is defined as an SQL
user. This user has access to all the mapped tables in the database.
The DBC must explicitly add all other IMAGE/SQL users by associating each
password with a DBEUser_ID. A view is then created for each mapped table
to which the DBEUser_ID has access. This view is based on information in
the TurboIMAGE/XL root file and permits user classes to see the data
defined for them in the TurboIMAGE/XL schema. Users, including user
class 0, must know the names of the views to which they have access.
IMAGE/SQL utility security can be modified only by someone who is both
the DBC and a DBA of the respective database management systems.
Controlling IMAGE/SQL User Access
IMAGE/SQL takes the following steps to control users' access to
TurboIMAGE/XL data (see Figure 3-4 ):
* When an SQL user is added, IMAGE/SQL creates an SQL authorization
group. The name of this group is based on the user class of the
password named in the ADD USER command. The naming convention for
this group is OwnerName_UserClass#. The new DBEUserID
(User@Account) is then added to this group.
One view is then created for each data set the user class is
allowed to access. The naming convention for these views is
OwnerName.MappedTableName_VUserClass#.
If data is not password-protected, user class 0 is assumed and
views of this data are created for user class 0.
* When an SQL user is deleted, the DBEUserID is removed from the SQL
group associated with the TurboIMAGE/XL user class. Note that the
group itself and the corresponding views remain in the
DBEnvironment because other user-created views may be based on
these views.
* When the database is detached, all views based on mapped tables,
including user-created views, are dropped.
Click here to view figure.
Figure 3-4. IMAGE/SQL Security Mapping
IMAGE/SQL Data Type Mapping
IMAGE/SQL maps all TurboIMAGE/XL data types to the closest equivalent SQL
data types. Sometimes completely compatible choices are not available,
or more than one viable alternative exists. In these cases, IMAGE/SQL
chooses default data types for you, but also provides alternative data
type mapping that you can select if it more closely meets your particular
needs.
Note that when alternative data type mapping is selected, all
user-created views containing the mapped data type are dropped.
Therefore, it is advisable to perform alternative data type mapping
before users have had the opportunity to create views.
For specific information about IMAGE/SQL default data type mapping and
alternative choices, refer to Table 2-6 in Chapter 2 (Task 4).
At Run Time
At run time, SQL turns all mapped table queries over to IMAGE/SQL. Using
the mapping information in the ATCINFO file, IMAGE/SQL makes the
appropriate TurboIMAGE/XL calls, retrieves the data from the
TurboIMAGE/XL database, and returns the data to SQL in the correct SQL
format (see Figure 3-5 .)
Click here to view figure.
Figure 3-5. IMAGE/SQL at Run Time
Note that the data is retrieved from the TurboIMAGE/XL database. Only
the mapped table definitions actually reside in the DBEnvironment.