This statement prevents unauthorized access and controls SAT logging.

Definition

A lower-level DBH option of ADMINISTRATION

Function

CALL DML tables can be protected by password. Security relevant events can be logged with SAT.

You use the DBH option SECURITY to specify the following:

• The number of password violations a CALL DML user working in interactive mode may commit

• Logging security-relevant events with SAT

If a user exceeds the specified number of permitted violations, he or she is prevented from sending any further requests to the DBH during this DBH session. The system administrator can use the RELEASE-USER-RESOURCES administration statement to reset the user's resources and lift the lock (see "RELEASE-USER-RESOURCES").

If a CALL DML user has already opened a logical file, it is not necessary for the system administrator to lift the lock. The CALL DML user can carry out a user-close and subsequently work with the DBH again. If the user-close is carried out during a transaction, the user cannot send any more requests to the DBH until after the end-of-transaction statement.

You can adjust the values of the option during the DBH session by means of the MODIFY-SECURITY administration statement (see "MODIFY-SECURITY").

Operands

SECURITY = *STD

The default values are used. The default values are described under *PARAMETERS.

SECURITY = *PARAMETERS(...)

PRIVILEGE-VIOLATIONS = 10 / <integer 1..99>
The number of attempts permitted to an SQL user to access a table or the number of permitted password violations in the case of CALL DML OPEN statements. The default value for PRIVILEGE-VIOLATIONS is 10 (for users working in the interactive mode).
With application programs in batch mode, only one password violation or access attempt is permitted.

SAT-SUPPORT = *OFF / *ON
Controls the SAT logging. In the case of SAT-SUPPORT=*ON security relevant events are transmitted to SAT for logging. See also the “ Core manual”, section “Logging of security relevant events with SAT”.