Command Description

useradd -u 3000 albert to add user to the OS

passwd albert (example passww0rd)
CREATE ROLE BRANCH_A_ROLE;
GRANT SELECT ON HR.STAFF TO ROLE BRANCH_A_ROLE;
GRANT ROLE BRANCH_A_ROLE TO USER Albert;
ALTER TABLE HR.STAFF
ACTIVATE ROW ACCESS CONTROL;
hdfs dfs -chmod 777 /apps/hive/warehouse
su - hdfs
hdfs dfs -mkdir /user/henry
hdfs dfs -chown henry:henry /user/henry
hdfs dfs -chmod 755 /user/henry
hdfs dfs -ls /user/
hdfs dfs -mkdir /user/henry/data
hdfs dfs -put
/usr/ibmpacks/current/bigsql/bigsql/samples/data/GOSALESDW directory.
.SLS_SALES_FACT.txt /user/henry/data/
hdfs dfs -ls /user/henry/data
Set the passwords for the user
to create the roles and assign the privileges
GRANT the user albert to BRANCH_A_ROLE
ALTER TABLE statement with the ACTIVATE ROW
ACCESS CONTROL clause to activate row access control
for table
set the /apps/hive/warehouse directory on HDFS to
777
Create a folder on HDFS for the user henry and set the
appropriate
permissions
Verify that the folder has been properly created with
the appropriate permissions
Create a data directory.
Copy the SLS_SALES_FACT.txt file into the data
Verify that the copy was successful
Creation table

insertion dans la table

afficher les contenu de table

FINANCE_ACCESS: permission-name

ON HR.STAFE: table-name identifies the table on which the row permission is created

FOR ROWS WHERE: Indicates that a row permission is created. A row permission specifies a
search condition under which rows of the table can be accessed (Une autorisation de ligne
spécifie une condition de recherche sous laquelle les lignes de la table sont accessibles)

VERIFY_ROLE_FOR_USER : function returns a value that indicates whether the roles that
are associated with the authorization ID that is specified in the first argument are included
in the role names that are specified in the list of the second argument.

SESSION_USER: Specifies the value of the SESSION_USER (or USER) special register

The result is 1 if any of the roles that are associated with the user that is identified by the
SESSION_USER

ENFORCED FOR ALL ACCESS: Specifies that the row permission applies to all references of the table

DISABLE or ENABLE: DISABLE  Specifies that the row permission is to be disabled for row access control

ENABLE  Specifies that the row permission is to be enabled for row access control

AND HR.STAFF.BRANCH_NAME = 'Branch_B': to see Branch_B data only

CREATE MASK statement to create column masks that allow each role to receive certain masked values from specific columns

SALARY_MASK: Specifies the names the column mask

ON HR.STAFF: Identifies the table for which the column mask is created

FOR COLUMN: Identifies the column to which the mask applies

RETURN CASE : Specifies a CASE expression that determines the value

that is returned for the column

DISABLE or ENABLE

DISABLE: Specifies that the column mask is to be disabled for column

access Control.

ENABLE specifies that the column mask is to be enabled for column access control

ALTER TABLE statement with the ACTIVATE ROW ACCESS CONTROL clause to activate row access control for table

Db2_warehouse: server-name specifies the name of the data source that is being defined to the federated database

TYPE server-typeDB2/UDB: Specifies the type of the data source that is being defined to the federated database, and determines the default wrapper that is
used.

VERSION: Specifies the version of the data source denoted by server-name

AUTHORIZATION remote-authorization-name: Required only for Db2 family data sources. Specifies the authorization ID under which any necessary actions are
performed at the data source when the CREATE SERVER statement is processed

PASSWORD: Required only for Db2 family data sources. Specifies the password associated with the authorization ID represented by remote-authorization-name.

OPTIONS: Specify configuration options for the for the server to be created. Which options you can specify depends on the data source of the object for which a
server is being created.
Db2_warehouse A name that you assign to the Db2 database server. TYPE DB2/udb: Specifies the type of data source server to which you are
configuring access. VERSION 11:The version of the Db2 database server that you want to access. AUTHORIZATION "<userid>" The authorization
ID at the data source. PASSWORD "<password>" The password that is associated with the authorization ID at the data source. HOST
‘<hostname>’ host name alias, or IP address of the host for the Db2 database that you want to access. PORT '50000' The port on which the Db2
database that you want to access is listening. DBNAME 'BLUDB'
An alias for the Db2 database that you want to access.

Bigsql: Maps the local authorization ID to the remote user ID and password.
SERVER db2_warehouse: Specifies the name of the Db2 family data source server that you defined in the CREATE SERVER statement.
REMOTE_AUTHID '<userid>': Specifies the connect user ID at the Db2 family data source server to which you are mapping db2_warehouse.
REMOTE_PASSWORD '<password>': Specifies the password that is associated with '<userid>'.

db2_warehouse_gosalesdw_mrk_promotion_fact: A unique nickname that identifies the Db2 table or view

db2_warehouse.gosalesdw.mrk_promotion_fact :
 db2_warehouse: is the name that you assigned to the Db2 database server in the CREATE SERVER statement
 gosalesdw: is the user ID of the owner of the table or view
 mrk_promotion_fact: is the name of the remote table or view that you want to access.