Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Teradata RDBMS forUNIX SQL Reference - NCR

NCR Teradata RDBMS forUNIX SQL Reference - NCR, 1997. - 913 p.
Download (direct link): teradataforunix1997.pdf
Previous << 1 .. 113 114 115 116 117 118 < 119 > 120 121 122 123 124 125 .. 241 >> Next


Assume that DatabaseA contains several tables, and that INSERT Scenario A privilege has been granted to PUBLIC on Tablel only. Assume also

that a current statement specifies “BEGIN LOGGING ON FIRST INSERT ON DatabaseA”. Subsequently, if users other than the owner submit insert statements against tables in DatabaseA, the log entries are:

• A granted entry for the first insert into Tablel

• A denied entry for the first attempt at an insert into any other table in the database

When logging is specified at the database level, the same type of action against separate tables in that database might not be logged as separate actions.

Assume that DatabaseA contains Tablel and Table2, and that a Scenario B 8 current BEGIN LOGGING statement specifies logging on FIRST

INSERT for DatabaseA. Next, assume that rows were inserted into both Tablel and Table2 in the same session. The logging result would be a single entry identifying the table that was the object of the first insert.

If the access right is at the database level and the logging specification is at the table level, only actions against the table are considered for logging entries (the absence of an access right at the table level does not necessarily result in a log entry).

A single log entry is generated for the table according to the results of privilege checks at both the table level and the database level

Teradata RDBMS for UNIX SQL Reference

8-35
Teradata SQL Syntax Guide

BEGIN/END LOGGING

Scenario C

Rules for Using DDL Statements

IF . . . THEN . . .
either check succeeds a granted entry is generated.
neither check succeeds a denied entry is generated.
access logging is specified for a data object (for example, a table) log entries are generated whether that object is accessed by name or through a view or macro.

A logging statement specifying FIRST SELECT ON DatabaseA.Tablel causes a log entry to be generated if an access statement is any of the following:

• SELECT . . . FROM Tablel

• SELECT . . . FROM View1_of_Table1

• EXECUTE MACROl

(where Macrol contains the statement select . . . from

Tablel)

A user can enter a MODIFY USER statement that references himself or herself as the user. In such a case, no access rights are required to change the following options: BEFORE JOURNAL, AFTER JOURNAL, DEFAULT JOURNAL TABLE, PASSWORD, STARTUP, COLLATION AND DEFAULT DATABASE. Logging is triggered by the use of access rights. Therefore, no logging will take place if the user enters a MODIFY USER command that only changes one or more of these options for the user himself or herself.

The BEGIN LOGGING and END LOGGING statements are DDL statements because they affect Data Dictionary entries, which are used by the Teradata RDBMS when executing subsequent statements. As such, they must be submitted following the rules for DDL statement usage.:

• A DDL statement cannot be combined with other statements as part of a multistatement request.

• A DDL statement can only be included in an explicit transaction (one or more requests bracketed by BEGIN/END TRANSACTION statements) if it is one of the following:

• the only statement in the transaction, or

• structured as a single-statement request that appears as the last request in the transaction.

When a BEGIN LOGGING or END LOGGING statement is submitted, the system checks that the executing user has EXECUTE privilege on the special system macro associated with that

8-36

Teradata RDBMS for UNIX SQL Reference
Teradata SQL Syntax Guide

BEGIN/END LOGGING

statement. No checks are made for privileges on the user or objects identified in the LOGGING statement.

If the statement cannot be executed, an error message is returned to the user. Possible errors could be an invalid action-name, username, or object-name.

Logging entries are stored in the system table DBC.AccLogTbl. The view DBC.AccessLog offers access to the contents of this table.

If BEGIN LOGGING statements are not submitted, the system default is to not generate any entries on any user action.

Refer to the Teradata RDBMS for UNIX Security Administration Guide, for more detail on using BEGIN and END LOGGING.

The following example illustrates the use of BEGIN/END Examples LOGGING:

BEGIN LOGGING WITH TEXT

ON EACH USER, DATABASE, GRANT ;

Teradata RDBMS for UNIX SQL Reference

8-37
Teradata SQL Syntax Guide

BEGIN/ END TRANSACTION

BEGIN/ END TRANSACTION

The BEGIN TRANSACTION and END TRANSACTION statements

define a single logical transaction, and are valid in Teradata mode only.

For ANSI mode transaction control statements, refer to “COMMIT” on page 8-51 and “ROLLBACK” on page 8-243.

Syntax

BEGIN TRANSACTION -BT-----------------

1“

statement

END TRANSACTION --------ET -------

TT

FF07A045

where:

Syntax Element... Description
BEGIN TRANSACTION Initializes a transaction.
statement Specifies a SQL statement that is part of the transaction. Statements can be included in the request or subrequest.
Previous << 1 .. 113 114 115 116 117 118 < 119 > 120 121 122 123 124 125 .. 241 >> Next