Manualshelf

User guide

ManualsBrandsEXP Computer ManualsSwitchThinConnect4
101102103104105106107108109110
The first pass at privilege checking occurs at an object identifier level, asking if this
entity has the right to do this action to this object. If access is denied at this level a
series of cascading attempts are made to try to get the privilege.
After the object protection is checked, the entity's privilege at the database is checked.
If the entity has been granted DBADM it will be allowed to carry out the operation
even if it does not have the explicit privilege such as CREATE. This privilege is a
kind of catch all much like BYPASS on OpenVMS
If the entity still has not been granted the privilege at the database level, the
OpenVMS privileges for the OpenVMS user that the application is running under are
checked.
If that user has the appropriate level of privilege, they are then granted the action on
the object.
This means that privilege checking within Oracle JDBC for Rdb server not only depends on
the privilege assigned to the connection user within the database, but also on the privilege of
the OpenVMS user that started the server application (the Executor).
NOTE:
The Executor is the standard term used for the OpenVMS user under which the
application is executing. This should not be confused with the "executor" processes
used in conjunction with Multi-process servers.
This allows you to set up a privileged server that has access to data that the user may not
have. In other words, you can restrict users access to data in the database if and only if they
come through the Oracle JDBC for Rdb server; they do not have access directly.
If you wish restricted access, grant restricted access only to the Executor and set minimum
privileges. Then grant the appropriate rights to connection users so that they will have the
required access. If they do not have the rights and the Executor does not have the rights,
access is denied. If the user does have the right even though the Executor does not, access is
allowed.
Within the thin server the BYPASS and SYSPRV privileges are disabled by default. The
user will only get the privileges he has been granted and will not inherit privileges from the
Executor.
If the server must run is required to run with BYPASS privilege, thus allowing less
privileged users access to the database objects, use the -bypass option
8.2.1 BYPASS and Multi-Process servers
109