Changes protection for a single entry within the specified access
control list.
Example:
RDO> CHANGE PROTECTION FOR DATABASE
cont> [ADMIN,JONES]
cont> ACCESS "WRITE+MODIFY+ERASE".
1 – Format
(B)0[m[4mCHANGE[m [4mPROTECTION[m FOR qqqqk
x
lqqqqqqqqqqqqqqqqqqqqj
mqqqqwqqq> [4mDATABASE[m qqqqqqqqqqq>qqqqqqqqqqqqqqqqqk
tqqq> [4mRELATION[m qq> relation-name qqqqqqqqqqqu
tqqq> [4mVIEW[m qqqqqq> view-name qqqqqqqqqqqqqqqu
mqqq> [4mFIELD[m q> field-name [4mIN[m relation-name qu
lqqqqqqqqqqqqqqq<qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
mqqqwqqqqqqqqqqq>qqqqqqqqqqqwqk
tqq> sequence-number qqqu x
mwq> identifier qqqwqqqqj x
mqqqqqqq + <qqqqqqj x
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
mqq> [4mACCESS[m qqwq> access-right qqwqqqqqqqqqq> .
mqqqqq + <qqqqqqqqqj
1.1 – relation-name
The name of the Oracle Rdb relation for which you want to change an
ACL entry.
A user with MODIFY rights on the relation automatically gets
the same rights on all fields in the relation. However, you can
restrict MODIFY rights by defining them only on specific fields
you want users to be able to modify and thus remove the right
from the relation entry.
1.2 – view-name
The name of the view for which you want to change an ACL entry.
1.3 – field-name
The name of the local field in a specified relation for which you
want to change an ACL entry.
Rights on a field are determined by the rights defined on the
relation combined with those specified for the specific relation
ACL.
1.4 – sequence-number
A number that identifies the entry within the specified access
control list whose protection you want to change. The default is
one.
If you specify a sequence number larger than the largest existing
sequence number, Oracle Rdb returns an error message.
1.5 – identifier
An OpenVMS user identifier that identifies the entry within
the specified access control list whose protection you want to
change. An identifier can be any of the following:
o UIC identifier
You cannot specify more than one UIC identifier in a CHANGE
PROTECTION statement.
o General identifier
o System-defined identifier
1.6 – access-right
An access right to be granted or denied to the user identified
by UIC. The new version of the ACL entry you create with the
CHANGE PROTECTION statement does not inherit any characteristics
from the old version. When you change protection on a database
element, you need to specify the entire entry, including all the
access rights you want to deny.
Request HELP on Access_rights to see a complete table of Oracle Rdb
access rights.
2 – More
You must have the CONTROL privilege to modify the access rights
of other users with the CHANGE PROTECTION statement.
An access control list (ACL) is attached to each database and
relation. Each list consists of entries that specify two items of
information:
o An identifier that specifies a user or set of users.
o A set of access rights. These rights specify what operations
that user or set of users can perform on the database or
relation.
The new version of the ACL entry you create with the CHANGE
PROTECTION statement does not inherit any characteristics
from the old version. When you change protection on a database
element, you need to specify the entire entry, including all the
access rights you want to deny.
When changing protection, observe the following rules:
o To change protection, you must first invoke the database that
includes the protection.
o If you specify two or more access rights, separate each by
a plus sign (+), but do not include any spaces. For example,
READ+WRITE.
o If the list of access rights exceeds one line in length, place
the list in quotation marks and use the continuation character
(hyphen). Otherwise, Oracle Rdb reads the carriage return as the
end of the list, and an error results:
cont> ACCESS "DEFINE+CHANGE+DELETE -
cont> +CONTROL+OPERATOR+ADMINISTRATOR"
Granting or revoking a privilege takes effect after the user
detaches and attaches to the database again.
You must execute the CHANGE PROTECTION statement in a read/write
transaction. If there is no active transaction and you issue this
statement, Oracle Rdb starts a read/write transaction implicitly.
Other users are allowed to be attached to the database when you
issue the CHANGE PROTECTION statement.
3 – Examples
Example 1
You can change the protection in an access control list entry by
specifying an identifier:
RDO> CHANGE PROTECTION FOR DATABASE
cont> [GROUP1,SMITH]
cont> ACCESS NOCONTROL+NOOPERATOR+NOADMINISTRATOR.
This statement performs the following actions:
o Identifies the user whose protection you want to change. Here,
the user is identified by [GROUP1,SMITH].
o Changes the access rights to deny the user CONTROL, OPERATOR,
and ADMINISTRATOR privileges. All other privileges remain as
you defined them in the previous version of this ACL entry.
Example 2
You can identify the ACL entry by a sequence number:
RDO> CHANGE PROTECTION FOR DATABASE
cont> 4
cont> ACCESS WRITE+MODIFY+ERASE.
This statement performs the following actions:
o Identifies the entry by specifying a sequence number 4. This
means that this statement will change the fourth entry in the
access control list for the database PERSONNEL.
o Changes the access rights by granting WRITE, MODIFY, and ERASE
access. All other rights remain as they were before.