Use SPL routines to control access to data

You can use an SPL routine to control access to individual tables and columns in the database. Use a routine to accomplish various degrees of access control. A powerful feature of SPL is the ability to designate an SPL routine as a DBA-privileged routine. When you write a DBA-privileged routine, you can allow users who have few or no table privileges to have DBA privileges when they execute the routine. In the routine, users can carry out specific tasks with their temporary DBA privilege. The DBA-privileged routine lets you accomplish the following tasks:

• You can restrict how much information individual users can read from a table.
• You can restrict all the changes that are made to the database and ensure that entire tables are not emptied or changed accidentally.
• You can monitor an entire class of changes made to a table, such as deletions or insertions.
• You can restrict all object creation (data definition) to occur within an SPL routine so that you have complete control over how tables, indexes, and views are built.