Skip to main content

This version of the product is no longer supported, and this documentation is no longer updated regularly. See the latest version of this content.Opens in a new tab

%EM.DistSQLSecurity

class %EM.DistSQLSecurity extends %Library.RegisteredObject, %XML.Adaptor

Enterprise Manager distributed SQL Security API

Method Inventory

Methods

classmethod Execute(Command As %String) as %Status
Execute an SQL command to update SQL Security meta-data. Updates can be made on an instance that is a member of an Enterprise Management group that manages the Distributed SQL Security service. Updates made with Enterprise Manager Distributed SQL Security API class are first applied locally and then distributed to other instances in the EM group containing the Distributed SQL Security service. The command argument is a string containing a valid SQL security command from the following set: "CREATE USER", "DROP USER", "CREATE ROLE", "DROP ROLE", "GRANT" and "REVOKE". Any valid command syntax from this set of commands is acceptable. Other SQL commands (examples: "CREATE TABLE", "DROP VIEW", "SELECT") are not supported and will return an error status.

Example commands:
  • CREATE USER UserName IDENTIFIED BY Password
  • DROP USER UserName
  • CREATE ROLE RoleName
  • DROP ROLE RoleName
  • GRANT RoleName TO UserName
  • GRANT PrivilegeName TO RoleName
  • REVOKE RoleName FROM UserName
When invoked, the SQL command is first executed on the local instance. If it fails, an error status is returned and no further processing occurs. If it succeeds, the command, $username and namespace are transmitted to the Enterprise Manager server where it is stored and forwarded to other members of the group sharing the Distributed SQL Security service. There, the command is stored and executed by a background process and the results are saved. When the update has been received by all instances, the message is deleted on the EM server. The CREATE/DROP USER commands are disabled for instances that are managed for Users and the CREATE/DROP ROLE commands are disabled for instances that are managed for Security.

Inherited Members

Inherited Methods

FeedbackOpens in a new tab