ADABAS provides the user with a comprehensive authorization concept that supports four functional user classes and column-oriented access rights.
It is thus possible to generate an individual partial view on the data set for each user and to protect the data from unauthorized access and modifications.
ADABAS distinguishes between four classes of user:
- SYSDBA
- DBA
- RESOURCE
- STANDARD
In addition to the rights of a DBA, the SYSDBA has the right to create users with the status DBA on his SERVERDB.
Users with DBA status can create users and usergroups with RESOURCE and STANDARD status, create private data and pass on privileges to other users. The user status DBA includes all rights which a user with the RESOURCE status has.
RESOURCE users can define their own tables, views, and synonyms and pass on privileges for these objects.
STANDARD users may define views and synonyms but otherwise may only execute operations on data for which they have been privileged.
Several RESOURCE or STANDARD users can be grouped together by their DBA into a user class. This makes the administration of privileges easier because all members of a usergroup obtain the same rights with respect to SQL authorization.
Privileges are granted to users or usergroups with the GRANT statement and are withdrawn with REVOKE. Privileges relate to tables, views, columns, and DB procedures. With views, it is also possible to formulate privileges which depend on the database contents (value-dependent privileges).
The following privileges relating to database objects can be granted:
SELECT (column list)
INSERT
DELETE
UPDATE (column list)
SELUPD (column list)
INDEX
ALTER
REFERENCES
EXECUTE
The privileges SELECT, INSERT, DELETE, UPDATE, and SELUPD relate to the corresponding SQL statements. INDEX allows the use of CREATE/DROP INDEX; ALTER the use of ALTER TABLE, and REFERENCES the reference to a table in the REFERENCES clause of a table definition. With EXECUTE, the right to call a DB procedure can be passed on to other users. ADABAS supports the WITH GRANT option with which the recipient of a privilege is able to pass on this privilege.
DBAs can restrict the use of resources by database users for whom they are responsible. With PERMLIMIT and TEMPLIMIT, the allocatable disk space can be restricted. COSTWARNING and COSTLIMIT prevent expensive SQL queries. With the CONTROL function ACCOUNTING, the use of resources per user can be recorded and accounted precisely.