Browse Prior Art Database

Method for Determining Group Membership From Inside a Database

IP.com Disclosure Number: IPCOM000100687D
Original Publication Date: 1990-May-01
Included in the Prior Art Database: 2005-Mar-16
Document File: 2 page(s) / 70K

Publishing Venue

IBM

Related People

Hoffman, RD: AUTHOR

Abstract

Disclosed is a method to provide, as an SQL function, a means to determine the security groups to which a user belongs.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 90% of the total text.

Method for Determining Group Membership From Inside a Database

       Disclosed is a method to provide, as an SQL function, a
means to determine the security groups to which a user belongs.

      In many database systems, access to objects is determined not
only by the authorization ID of the individual user, but also by the
authorization IDs of groups to which the user belongs.  However,
these group authorization IDs are not usually considered part of the
database, and so it is difficult (or impossible) to obtain a list of
them.

      The DESCRIBE USER statement is a new statement in SQL which
provides a list of all authorization IDs which the user is entitled
to use and some information about each authorization ID.

      The DESCRIBE USER statement can be embedded in any SQL host
language program.  It cannot be issued interactively. The syntax of
the statement is as follows:

      DESCRIBE USER INTO <descriptor> where <descriptor> is the name
of a control block in the invoking application.  This control block
will receive the list of authorization IDs currently in effect.

      Table 1 lists the fields in this control block.  Values for
these fields are assigned by the system, except for the SQLAAN field,
which must be supplied by the invoking application before issuing a
DESCRIBE USER statement.

      The SQL INCLUDE statement has been enhanced so that "INCLUDE
SQLAA", embedded in application source code, will cause a control
block...