Security model

The JSON security model is based on roles. To fulfill a role, a user must hold certain database privileges.

The three user roles are:
  • JSON administrator
    • This user role requires SYSCTRL or SYSADM authority to be set for the authorization ID.
  • JSON collection manager
    • A JSON collection manager role requires authorizations for the CREATE TABLE, CREATE TRIGGER, and CREATE INDEX statements.
    • This role might also need authority to create new SQL schemas, if the JSON administrator has not already created the schemas.
    • Collection managers automatically have the document user role for their collections.
    • Collections are created with default access rights for database users.
  • JSON document user
    • This role can insert, update, and delete JSON documents.
    • Authorizations must be explicitly assigned by the JSON collection manager.
    • If implicit creation of documents is allowed, the document user must also have the collection manager role.

For applications that connect through the Java™ API, or for connections from the command-line interface, the authentication ID of the connected user is used to determine the access privileges. However, the wire listener uses proxy users.
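
The following is an added example, not part of the original documentation, showing how the collection manager and document user roles above could be granted and then audited with least privilege in mind. It assumes Db2 for Linux, UNIX, and Windows and a collection backed by table JSONAPP.ORDERS; the schema, table, and the authorization IDs JSONMGR and JSONUSER are hypothetical.

```sql
-- Added example. JSONAPP, ORDERS, JSONMGR and JSONUSER are hypothetical names.
-- Assumes Db2 for Linux, UNIX, and Windows.

-- JSON collection manager: may create tables in a schema that the
-- JSON administrator has already created. As the definer of the table,
-- the manager holds CONTROL on it, which covers CREATE INDEX and the
-- table privilege needed for CREATE TRIGGER.
GRANT CREATETAB ON DATABASE TO USER JSONMGR;
GRANT CREATEIN ON SCHEMA JSONAPP TO USER JSONMGR;

-- Only when the schema was not created in advance and the manager
-- must be able to create new schemas. Leave this out otherwise.
-- GRANT IMPLICIT_SCHEMA ON DATABASE TO USER JSONMGR;

-- JSON document user: explicit grants on one collection only,
-- issued by the collection manager.
GRANT INSERT, UPDATE, DELETE ON TABLE JSONAPP.ORDERS TO USER JSONUSER;
-- Assumption: the document user also reads documents.
GRANT SELECT ON TABLE JSONAPP.ORDERS TO USER JSONUSER;

-- Audit 1: who can touch the collection table? Review any row for
-- PUBLIC or for a group, since collections are created with default
-- access rights for database users.
SELECT GRANTEE, GRANTEETYPE,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH, CONTROLAUTH
  FROM SYSCAT.TABAUTH
 WHERE TABSCHEMA = 'JSONAPP'
   AND TABNAME   = 'ORDERS'
 ORDER BY GRANTEE;

-- Audit 2: which authorization IDs hold the database-level authorities
-- that make up the collection manager role?
SELECT GRANTEE, GRANTEETYPE, CREATETABAUTH, IMPLSCHEMAAUTH
  FROM SYSCAT.DBAUTH
 WHERE CREATETABAUTH = 'Y'
    OR IMPLSCHEMAAUTH = 'Y'
 ORDER BY GRANTEE;
```

Because the wire listener uses proxy users, the grantees that these audit queries return for listener traffic are the proxy users rather than the end users.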