You use these statements to assign access authorization for specific attributes.
Since the primary key is not subject to access protection for attributes, the associated symbolic attribute name AAA cannot be specified in 1P2 or 1P2N statements. In the case of a compound key, however, it is possible to use 1P2/1P2N statements to assign access authorization to a password for the individual compound-key attributes (symbolic attribute names: AAB, AAC, AAD,...).
After a 1P1 statement you can specify either 1P2 statements or 1P2N statements, but not both.
You can also use a 1P2/1P2N statement to assign authorization for individual attributes that the table does not yet contain but that are to be added subsequently.
The 1P2 statement allows you to assign access authorization for specific attributes or ranges of attributes.
1P2'BLANK''BLANK'b{san | san1san2 }['BLANK'b{san | san1san2 }]...
This statement assigns access authorization for all attributes in the table except for those attributes or ranges of attributes whose symbolic attribute names are specified in the statement.
1P2N'BLANK'[b]{san | san1san2 }['BLANK'{san | san1san2 }]...
b | Type of authorization: In the 1P2N statement, you must always specify the type of authorization. |
san
Symbolic attribute name
san1san2
For san1, specify the name of the first attribute in a range of attributes. For san2, specify the name of the last attribute in the range.
If you specify several symbolic attribute names, they must be in ascending order. Ranges of attributes must not overlap.
Example 1
The attribute with the symbolic name ABC can only be read, the range from CCB to DFG can only be updated, and FGH can be read and updated:
1P2'BLANK''BLANK' 1ABC'BLANK' 2CCBDFG'BLANK' 3FGH
Example 2
All attributes can be read except ABC, CAF, CAK to DKV, MAN, VWX and XX1. Access authorization for this is specified in two 1P2N statements:
1P2N'BLANK' 1ABC'BLANK' CAF'BLANK' CAKDKV1P2N'BLANK' MAN'BLANK' VWX'BLANK' XX1