Table of Contents
| Note: | The following information only applies to Enterprise Database Server databases that are mapped to SQL. Permissions are still assigned to SQL schema-generated databases through the Data Definition Language (DDL) file, however, attempts to use the following commands on an SQL database result in the error, “This feature is only for SQL Viewed Databases.”If you have a SQLVIEW database running on an earlier version of ClearPath MCP, see Updating an Enterprise Database Server Database for SQLVIEW database migration considerations. |
Permissions enable users privileges to specific database structures. If no permissions are defined, only the owner of the database—the usercode that initiated the most recent SQLVIEW of the Enterprise Database Server database—has access to the database structures. Typically, the owner is the database administrator or the user who compiled the database. The owner of a database can assign permissions to other users and optionally allow those users the authority to assign permissions to others.
The owner of a database can be changed using the following method:
| Note: | Changing the owner of a database removes the privileges of the current owner and assigns them to the new owner. |
-
Under the current database owner usercode, save the currently defined permissions to a text file. For more information, see “Saving Permission Results” in the topic, Saving and Restoring Permissions.
-
Ensure that the new owner has access to the saved permissions text file.
-
Under the new database owner usercode, do the following:
-
Under the usercode and pack of the database control file, remove the MCPSQL catalog, DESCRIPTION/<database name>/MCPSQL-CATALOG.
-
Create a new MCPSQL catalog.
Note: For information on how to create a new MCPSQL catalog, see Updating an Enterprise Database Server Database. -
Review the saved permission file and ensure that the permissions file is configured as is necessary for the database.
-
Restore the permissions and apply them to the database.
Note: For information on how to restore permissions, see “Restoring Permission Results” in the topic, Saving and Restoring Permissions.
-
The following terminology is used when discussing access rights to database structures:
|
Permission |
The overall definition of a specific access right for a given user for a given structure of the database to perform certain actions. The GRANTALL option of the SQLVIEW command automatically grants all users permissions on the entire database during the initial execution of the SQLVIEW command. |
|
Privilege |
The actions that can be allowed as part of the permission. These actions are SELECT, INSERT, UPDATE, and DELETE. |
|
Owner |
The database administrator or other privileged usercode that can create databases and perform the SQLVIEW. By default, the owner is the only user with the ability to access the database after the SQLVIEW of the Enterprise Database Server database is performed. The owner must define permissions for other users to allow them access the database—even for read-only access. |
|
Grantor |
The user who grants a permission to another user. |
|
Grantee |
The user for which a permission is defined. |
In previous MCP releases, by default, all users had privileges to all structures of a database until at least one permission was defined. For the MCP 19.0 release and future releases, only the owner of the database has permissions to the database after the SQLVIEW is performed. The owner must then create permissions to allow any other users to retrieve, insert, modify or delete any data or to view the metadata (schema) of the database.
The database owner—and users with authority to assign permissions—can use the Query Design Center to administer user privileges using the following commands:
