Granting Database Privileges

Access to objects can be secured on both the database and the object level with Micro Focus XDBC. If you created your database using mfdbcutil or mfinit with the -p or the -pa options, you will have a database that supports user authorization IDs. (By default, mfinit will create the database with the -pa option, providing both database-level privileges and object-level privileges.)

By default, the system will create a single user system with the password manager. There is also a second special authorization ID called public, which is used only in the context of object-level privileges. Any object owned by public is accessible by all authorization IDs. By default, when you load an XFD into Micro Focus XDBC, the owner of the object will be public. You may override this by specifying the -o option to mfdbcutil or the -u option to mfaddfile.

Once you have created your database with database-level privileges, you will need to create additional user authorization IDs. This is done using the SQL GRANT command from within the command-line query tool or script (xdbcquery or mfsql) or some other ODBC-enabled query tool that will allow the input of SQL commands. (The GRANT statement is described in detail in the topic GRANT (Database Privileges) command. The command-line query tool is described in the section Starting xdbcquery in the chapter Using the Command-line Query Tool.)

If you wish, you can load the system catalog with your XFDs and send the loaded tables to your customer or end user. A site administrator can grant database and table permissions.

A second — and perhaps more efficient — approach to setting up a new database is to use an SQL script file to create all of the user authorization IDs and object-level privileges. This script can then be run at the end-user site using the command-line query tool. For example:

mfsql -u system -p manager -r my_script.sql

where my_script.sql is a text file containing the SQL commands to perform. For an example of this, see the mfinit script, which executes the cview.sql script to create the information schema in new databases.

Once you have granted users database privileges, you can modify their object-level privileges as well.