Security System Concepts

Restriction: This topic applies to Windows environments only.

XDB Servers are shipped with security turned off to allow you unlimited access to the system. You can continue to operate without security indefinitely, if desired, even in a multi-user environment.

If you do plan to use the XDB Server security features, starting with security off gives you a flexible development environment. You can create locations, databases, and other objects, and set up the required AuthIDs (user names), passwords, groups, and privilege sets you will need for controlling user access before you turn on security.

In a multi-user environment, if security is on at the server, all users must have security on at their individual workstations. If security is off at the server, individual users can have security on, if desired, to protect against unauthorized access at the workstation.

After security is turned on, each user or process must log in with a valid AuthID. If the AuthID has a password defined and required, the password must be entered as well.

To turn server security off, a user must have a valid AuthID with appropriate privileges to be able to access the Security Option in the XDB Server Configuration utility or the Options window as appropriate.

One special AuthID, INSTALL, is created when you install the XDB Server. The INSTALL user is an XDB Server super user. If you do not turn on security, you will not need to be concerned with this special AuthID or its password.

Note:

As long as security remains off and you do not create additional AuthIDs, all objects you create will belong to the Primary AuthID indicated in your Profile (that AuthID becomes the qualifying name in the three-part object name:location-name.authid.object-name). When you install XDB Server, the default AuthID in Options is TUTORIAL. You might wish to change this AuthID if you plan to turn security on and add more users to your system at a later date.

You can change the AuthID that is used for object creator names by any of the following methods:

Change each client's Primary AuthID by entering the value into the AUTHID field of the Options dialog box's Connect tab.
Issue the SET CURRENT SQLID command before you create the object.
Explicitly specify a valid AuthID when you create the object (by specifying a two- or three-part name in the CREATE statement (if specifying a three-part name, the location part of the name must be the current location).

Alternatively, you can create several AuthIDs and grant a different privilege set to each, using these AuthIDs for different purposes. You can also create a group, which allows you to grant the same privilege set to several or many AuthIDs.

When security is on, the super user is a special user. A super user is the only one who can:

Create and drop locations.
Edit (update) system tables.
Assign super-user privileges to another AuthID.

The Admin menu commands are used to assign super-user privileges. The SQL Grant and Revoke commands cannot be used for assigning super-user privileges.

On a multi-user system (or any system where security is an issue), you should assign a password to the INSTALL SUPER USER AuthID. You might wish to set up a few additional AuthIDs with super-user privileges before you turn on security. This allows you to have several other trusted users as a backup to the XDB Server Administrator.