Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 9 Manipulating Storage Data Using TIBCO Object Service Broker MAP Tables : Understanding Security with TIBCO Object Service Broker MAP Tables

Understanding Security with TIBCO Object Service Broker MAP Tables
Due to the nature of MAP tables, normal TIBCO Object Service Broker security controls are largely inapplicable.
Behavior of Persistent Table Types
With ordinary persistent tables (for example, TDS), access to the table definition controls access to the data contained in the table; that is, the definition of a table uniquely identifies the data. Therefore, setting user and group access to the definitions appropriately controls who can read and write the data.
Behavior of Non-Persistent Table Types
Ordinary non-persistent tables (EES, TEM and SES) have global definitions but local data. Even if multiple users have access to the table definition, the data is always local to the transaction or session and there is no possibility of unauthorized access.
MAP Table Behavior
MAP tables are significantly different because the table definition plays no part in controlling access to the data. The definition specifies the layout of the data in storage and its mapping to fields, but the location of the data in storage is uniquely specified by the value of the address parameter of the table.
MAP table data access is controlled indirectly using the system-interpreted table @MAP. @MAP is used to allocate and register storage for use by MAP tables. Without this control, a user who is denied access to a MAP table definition could define a new MAP table and then, at runtime, supply the storage address of the desired data via the address parameter.
Accessing Data at a Particular Address with a MAP Table
To access data at a particular address with a MAP table, an occurrence representing that address must exist in the @MAP table. If no such occurrence exists, the table access fails and the DATAREFERENCE exception is raised. The ADDRESS field of @MAP can be thought of as a reference field for the address parameter of the MAP table. It is not necessary for the address of the occurrence in @MAP to exactly match the address parameter of the MAP table; access succeeds as long as the storage mapped by the MAP table does not extend outside the boundaries described by the occurrence in @MAP.
In addition, occurrences in @MAP contain an implicit permission for read-only access (GET and FORALL) or for read/write access (REPLACE). This permission is based on the parameter set of @MAP where the occurrence appears. All parameter sets except EXTERNALRO allow both read and write access. EXTERNALRO allows read access only.
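The containment and permission check described above can be modelled as follows. This is an added illustration in Python, not TIBCO code or the product's implementation. Assumptions: the length field, the parameter-set name OTHER, the rule that a single occurrence must cover the whole mapping, and the PermissionError raised for a denied write (the page names only the ADDRESS field, EXTERNALRO and the DATAREFERENCE exception).

```python
# Illustrative model of the @MAP check; names marked "assumed" are not
# taken from the product documentation.
from dataclasses import dataclass

READ_OPS = {"GET", "FORALL"}
WRITE_OPS = {"REPLACE"}


class DataReference(Exception):
    """Stands in for the DATAREFERENCE exception."""


@dataclass(frozen=True)
class MapOccurrence:
    address: int        # ADDRESS field of @MAP
    length: int         # size of the registered storage (assumed field)
    parameter_set: str  # parameter set in which the occurrence appears


def check_access(registry, address, length, op):
    """Return the occurrence that authorises the access, or raise."""
    if op not in READ_OPS | WRITE_OPS:
        raise ValueError(f"unknown operation {op!r}")
    if length <= 0:
        raise ValueError("mapped length must be positive")
    end = address + length
    # The mapped storage must lie entirely inside a registered region; its
    # start address need not equal the occurrence's ADDRESS.
    covering = [o for o in registry
                if o.address <= address and end <= o.address + o.length]
    if not covering:
        raise DataReference(f"no @MAP occurrence covers {address:#x}..{end:#x}")
    if op in READ_OPS:
        return covering[0]
    for occ in covering:
        if occ.parameter_set != "EXTERNALRO":  # all other sets allow writes
            return occ
    # Exception type for a denied write is an assumption of this model.
    raise PermissionError("occurrence permits read access only")


# Constructed sample registry: one read/write region, one read-only region.
REGISTRY = [
    MapOccurrence(0x1000, 0x100, "OTHER"),       # "OTHER" is a placeholder name
    MapOccurrence(0x2000, 0x080, "EXTERNALRO"),
]
```

A mapping that starts inside a registered region but runs past its end is rejected in the same way as an unregistered address, which is the case a user-defined MAP table with a chosen address parameter would hit.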
See Also
See TIBCO Object Service Broker Shareable Tools for more information on the @MAP tool.
