Previous Topic Next topic Print topic


Security System Concepts

Restriction: This topic applies to Windows environments only.

XDB Servers are shipped with security turned off to allow you unlimited access to the system. You can continue to operate without security indefinitely, if desired, even in a multiuser environment.

In a multiuser environment, if security is on at the server, then all users must have security on at their individual workstations. After security is turned on, each user or process must log in with a valid AuthID (a "user ID"). If the AuthID has a defined and required password, the password must be entered as well. When the user attempts to access a table, the server also verifies that the user has privileges to that table, which were set up using the GRANT and REVOKE commands. Only someone with super user privileges can establish AuthIDs and passwords.

Super Users

Each XDB Server is shipped with one super user called INSTALL. A super user is the only user who can:

You can create other super users at your discretion using the SQLWizard Users command on the Admin menu. (Windows) or by executing the CREATE USER SQL command in the Interactive SQL Utility (UNIX). (The SQL GRANT and REVOKE commands cannot be used for assigning super user privileges.)

The syntax for CREATE USER is as follows:

CREATE USER username TYPE [ USER | SUPERUSER ] PASSWORD password REQUIRED [ YES | NO ] option_list

where option_list is defined as:

SECONDARY ID authid GROUP group_list PRIORITY priority ACCESS AUTHORITY [ YES | NO ] COMMENT quoted-string

Requirements for XDB passwords can be controlled on an XDB user basis. ACCESS AUTHORITY set to NO completely disables an XDB user id. The SECONDARY ID, GROUPS, and PRIORITY concepts are all discussed in greater detail in the section System Level Access Control.

Super user privileges should be limited to a few trusted users with database administration expertise.

Note: In effect, when security is off, all users are super users. As long as security remains off, the Primary AuthID indicated in your client configuration is used as the qualifying name in the three-part object name:

location-name.authid.object-name.

Note: The INSTALL user ID that is shipped with an XDB Server does not have a password assigned to it. Use the SQLWizard Users command or run the ALTER PASSWORD SQL command to assign a password to this user ID as soon as possible. The syntax for ALTER PASSWORD is as follows:
 ALTER PASSWORD old_password TO new_password
Previous Topic Next topic Print topic