This chapter describes how to authorize users to access Ingres. It focuses on defining database objects, which is usually performed by a database administrator, but can also be performed by the system administrator or a separate security administrator, depending upon your organization.
Also discussed are groups and roles, which are mechanisms for categorizing users who perform similar tasks.
|
|
|
Two steps are required to establish access to Ingres:
The system administrator sets up accounts for local users and for those remote users who access the product through a local account. This step is optional if an installation password is defined, in which case users access Ingres directly, without having to go through a local account.
All accounts can be set up before or after Ingres is installed, except for the installation owner account, which is set up during installation. This special account belongs to the system administrator, and is assigned maximum Ingres privileges to perform all operations.
After the accounts are set up, a database administrator or system administrator starts Ingres and uses Visual DBA (VDBA) to define user objects. Part of the user object definition is a user ID, which corresponds to the user ID used to log on to the operating system.
|
|
|
Ingres is designed for a wide variety of users, from database management experts who create and maintain databases, to end users who only examine or update data. Moreover, users can have multiple roles. For example, a user can be the database administrator of one Ingres database and the end user of another.
One company, for example, can have a single database administrator who controls all access to databases, whereas another company has a primary database administrator at its corporate headquarters and a local database administrator at each of its satellite sites. In the latter case, the primary database administrator controls access to corporate databases, such as sales, inventory, payroll, and human resources; and the local database administrators are responsible for authorizing access to production or research databases.
Regardless of the type of enterprise, if you are a database administrator who has been granted the maintain_users privilege, you are able to add new users to an Ingres database.