AUTHORIZATION statement

Syntax

AUTHORIZATION "username"

Description

Use the AUTHORIZATION statement to specify or change the effective run-time user of a program. After an AUTHORIZATION statement is executed, any SQL security checking acts as if username is running the program.

username is a valid login name on the machine where the program is run. username must be a constant. username is compiled as a character string whose user identification (UID) number is looked up in the /etc/passwd file at run time.

An AUTHORIZATION statement changes only the user name that is used for SQL security checking while the program is running. It does not change the actual user name, nor does it change the user's effective UID at the operating system level. If a program does not include an AUTHORIZATION statement, it runs with the user name of the user who invokes it.

You can change the effective user of a program as many times as you like. The username specified by the most recently executed AUTHORIZATION statement remains in effect for subsequent EXECUTE statement and PERFORM statements as well as for subroutines.

When a file is opened, the effective user's permissions are stored in the file variable. These permissions apply whenever the file variable is referenced, even if a subsequent AUTHORIZATION statement changes the effective user name.

The effective user name is stored in the system variable @AUTHORIZATION.

A program using the AUTHORIZATION statement must be compiled on the machine where the program is to run. To compile the AUTHORIZATION statement, SQL DBA privilege is required. If the user compiling the program does not have DBA privilege, the program will not be compiled. You cannot run the program on a machine different from the one where it was compiled. If you try, the program terminates with a fatal error message.

Example

AUTHORIZATION "susan"
OPEN "","SUES.FILE" TO FILE.S ELSE PRINT "CAN'T OPEN
SUES.FILE"
AUTHORIZATION "bill"
OPEN "","BILLS.FILE" TO FILE.B ELSE PRINT "CAN'T OPEN
BILLS.FILE"
FOR ID = 5000 TO 6000
   READ SUE.ID FROM FILE.S, ID THEN PRINT ID ELSE
NULL
   READ BILL.ID FROM FILE.B, ID THEN PRINT ID ELSE
NULL
NEXT ID
Parent topic: BASIC Statements and Functions