Home
SecurityYou can secure your HCL OneDB™ database server and the data that is stored in your HCL OneDB™ databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in HCL OneDB™The HCL OneDB™ Security Guide documents methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
Discretionary access controlDiscretionary access control verifies whether the user who is attempting to perform an operation has been granted the required privileges to perform that operation.
User rolesA role is a work-task classification, such as payroll or payroll manager. Each defined role has privileges on the local database object granted to the role. You use the CREATE ROLE statement to define a role.

User roles

A role is a work-task classification, such as payroll or payroll manager. Each defined role has privileges on the local database object granted to the role. You use the CREATE ROLE statement to define a role.

After you create a role, use the GRANT statement to grant privileges to one or more users associated with the role name.

When a role is granted to a user, the role grantor or the role grantee (user) must use the SET ROLE statement to activate the role. Only then does the user have the privileges of the role.

Important: The scope of a role's privileges is the current database only. When the SET ROLE statement is run, the role is set in the current database only. As a security precaution, a user with role privileges cannot access tables on a remote computer through a view, trigger, or programmed procedure.

For more information about creating and using roles, see the HCL OneDB™ Guide to SQL: Syntax.