Relativity provides security that protects data in the database tables against unauthorized disclosure, alteration, or destruction.
For security purposes, a unit of data (or data object) ranges from an entire database to a specific column within a table
of the database. A given user has different access privileges on different units of data. Access privileges (or privileges,
for short) are the mechanism that provides data security for a Relativity database.
To provide data security, the person responsible for designing the databases must:
- Define groups and users. The first step in effective database administration is to design and establish the group structure; that is, the users and
groups of users who are authorized access to the tables within the database. Groups and users are the basis for establishing
such security. An individual user is identified by a user name. A group of users is identified by a group name. Each user
name and group name within a Relativity database must be unique.
- Define catalog ownership. Catalog ownership is a role given to a particular group. Catalog owners are the only users that can log on to the database's
catalog in Relativity Designer to design the relational tables, and grant access and privileges to those tables to other groups
of users. Ownership is assigned to the first group defined, but it can be changed to another group, if required.
- Define group privileges. Catalog owners can grant specific permissions for groups, allowing other groups to access and update table data. This is
similar to the GRANT/REVOKE facilities in other relational database management systems.
In a Relativity catalog, privileges are assigned to a group of users. All users within a group inherit the privileges of
the group. Not all groups associated with the Relativity database need access to all the data in the database. A group of
users is given privileges only to the data that is necessary for the group to carry out its work.
When granting privileges, it may be helpful to think of them in terms of a hierarchy, with the group that is the owner of
the catalog having the highest level permissions, the group with administrator privileges having the next level of permissions,
and a user group having the lowest level permission (the ability to access only one or more tables or columns).
Note: Relativity supports a set of stored procedures, identified with the prefix, DBA-, only if the user is the owner or a database
administrator of the Relativity catalog. The DBA stored procedures deal with table definitions, table connections, and file
names. All of the stored procedures are ODBC driver-specific. For more information, see
Stored Procedures in the
For Advanced Users | Relativity-Specific topic in the Relativity DBMS Help file.