Use SPL routines to control access to data
You can use an SPL routine to control access to individual
tables and columns in the database. Use a routine to accomplish various
degrees of access control. A powerful feature of SPL is the ability
to designate an SPL routine as a DBA-privileged routine. When you
write a DBA-privileged routine, you can allow users who have few or
no table privileges to have DBA privileges when they execute the routine.
In the routine, users can carry out specific tasks with their temporary
DBA privilege. The DBA-privileged routine lets you accomplish the
following tasks:
- You can restrict how much information individual users can read from a table.
- You can restrict all the changes that are made to the database and ensure that entire tables are not emptied or changed accidentally.
- You can monitor an entire class of changes made to a table, such as deletions or insertions.
- You can restrict all object creation (data definition) to occur within an SPL routine so that you have complete control over how tables, indexes, and views are built.
For information about routines in SPL, see the HCL OneDB™ Guide to SQL: Tutorial.