Purpose of a Guard File
You can secure access to the physical database structures by specifying guard file titles in the database definition. The guard files can be used to define access rights for the whole database or for individual database structures.
Using guard files prevents programs or users not listed in a guard file from opening the database through database management software. The operating system and the Accessroutines verify whether any user attempting to open the database is allowed to do so.
Limiting Database Access
In the guard file you can assign many restrictions on the use of the database. These restrictions include allowing
-
The database to be opened only for inquiry purposes.
-
Only designated users to open the database.
-
Only designated users running specific programs to open the database.
-
Only designated users to use specific database operations.
Designating Guard Files
To attach a guard file to a database, you must include a guard file specification as part of the database physical options. In addition, you can designate individual guard files for specific structures in a database.
Example
The following DASDL statement secures the Enterprise Database Server database MYDB with a guard file titled (DBA)GUARD/PHYSICAL ON P:
MYDB (GUARDFILE = (DBA)GUARD/PHYSICAL ON P);
Adding Guard Files to an Existing Database
To upgrade a database to include guard file specifications, update the database definition with the appropriate guard file specifications, and then perform a database update procedure; that is, run a DASDL update for an Enterprise Database Server database.
