SESAM/SQL enables you to store the database in a user ID other than the DBH user ID, namely the DB user ID. If the catalog is located on the DB user ID, when you run some utility or DDL statements attempts will be made to locate files and job variables to be created on the DB user ID.
To enable this, the database administrator must make the following preparations. There are two possibilities:
To define the co-ownership for the DBH user ID in the DB user ID
To create files and job variables with BS2000 commands
To define the co-ownership for the DBH user ID in the DB user ID
This is the recommended procedure. As a prerequisite, the software product SECOS must be in use.
In the DB user ID the database administrator defines the DBH user ID as co-owner of the objects concerned (files and job variables). This gives the DBH user ID the same rights for the objects concerned as the DB user ID. These rights also include the right to create an object and to specify a password for it.
Example
The DBH user ID <dbh-id> shall have the right to create, administer and delete files for the catalog <db-cat> on the DB user ID <db-id>.
Solution
<db-id> defines a condition guard <db-cond>, that grants <dbh-id> timewise unlimited access:
/create-guard <db-cond>,user-inf='access conditions for DBH' /add-access-conditions guard-name=<db-cond>, - / subjects=*user(user-identification=<dbh-id>)
Next, <db-id> defines a co-owner protection rule in the active rule container SYS.UCF. This indicates that the access conditions for the files with sample name “<db-cat>*” are specified in the protection guard <db-cond>.
/add-coowner-protection-rule rule-container-guard=sys.ucf, - / protection-rule=rule1, - / protect-object=*parameters(name=<db-cat>*,- / condition-guard=<db-cond>)
You can define co-ownership for job variables (e.g. SESAM. replication.NEXT-REPL-LOG) in the same way. The active rule container for job variables is named SYS.UCJ.
The co-ownership for each BS2000 catalog ID (cat-id) must be defined separately.
For more information on the SECOS “Co-owner protection” function, refer to the “Security Control System - Access Control” manual, chapter “Guards – protection for objects”.
To create files and job variables with BS2000 commands
The database administrator uses the BS2000 command CREATE-FILE to create a catalog entry on the DB user ID for each of the files concerned.
Job variables are created on the DB user ID with the BS2000 command CREATE-JV.
The files and job variables must be shareable (operand USER-ACCESS=*ALL-USERS) and have write access (operand ACCESS=*WRITE).
Files and job variables with BS2000 password
Where co-ownership has been defined, SESAM/SQL creates files with the BS2000 password specified.
In cases where the database administrator creates the files and job variables, he/she must specify the BS2000 password required (e.g. when creating the files and job variables).
Relevant statements and files
The following statements can create or delete files in the DB user ID:
Statement / Process | Files |
SQL statements | |
CREATE SPACE | user space |
DROP SPACE | Delete user space |
ALTER TABLE | Exception file |
Utility functions | |
CHECK FORMAL | Exception file |
COPY (on disk) | Backup files of catalog space and user spaces |
CREATE CATALOG | Catalog space, CAT-LOG file, (CAT-REC file) |
CREATE INDEX | Work file in the case of parallel index creation |
CREATE REPLICATION | Catalog space, user spaces, |
EXPORT TABLE | export file |
IMPORT TABLE | Work file in the case of parallel index creation |
LOAD | Exception file |
RECOVER CATALOG RECOVER CATALOG_SPACE | Catalog space, user space, CAT-LOG file, |
REFRESH SPACE | user space |
REORG SPACE | Work file |
UNLOAD | Output file, error file |
Administration statements of SESADM or administration commands | |
CHANGE-CATLOG or CAW | CAT-LOG file, DA-LOG file, CAT-REC copy |
CHANGE-DALOG or DAW | DA-LOG file |
DML statements | |
First modifying access | DA-LOG file |
Table 57: Files which can be created in the DB ID