In VDBA, users are defined using user objects and, optionally, profile objects.
A user object specifies the user's name, default group, default profile, subject privileges, and several other attributes.
You can streamline the user authorization process using templates, or profiles. A profile is a set of subject privileges and other attributes that can be applied to one or more users.
Typically, the system administrator sets up a user object for the database administrator, who in turn sets up user objects for other users.
You can perform the following basic operations on user objects:
In VDBA, use the Users branch in the Database Object Manager window. For the detailed steps for performing these procedures, see the online help.
In SQL, you can accomplish these tasks with the create user, alter user, and drop user statements. For more information, see the SQL Reference Guide.
Note: Many of the features associated with a user object, such as subject privileges, password, expiration date, and security auditing, are security-related features. For more information on security-related features, see the chapter "Ensuring Access Security."
After a user is created, associate object permissions with it, as described in Object Permissions. These permissions determine which objects (databases, tables, procedures, roles, and so on) the user can access, and what the user can do with the object (for example, update or only query a table).
You can also associate a user with a group. Groups are described in Groups and Roles.
You can perform the following basic operations on profile objects:
In VDBA, use the Profiles branch in the Database Object Manager window. For the detailed steps for performing these procedures, see the online help.
In SQL, you can accomplish these tasks using the create profile, alter profile, and drop profile statements. For more information, see the SQL Reference Guide.
After a profile is created, you can associate it with a new or existing user object as the default profile for that user. By doing so, the attributes defined in the profile are associated with the user, and the user's attributes are updated whenever the profile is modified.
You can also set attributes directly at the user level to override settings at the profile level.
For example, a company conducts an analysis of the tasks and responsibilities of its database operators at multiple sites. They find three tasks that are common to this type of user: database and file location maintenance, debugging, and database backups.
They create a profile called dbop with the appropriate subject privileges—maintain_locations, trace, and operator—for maintaining databases. Whenever the company hires a new database operator, the database administrator can select the dbop profile from the Default Profile drop-down list when adding the new user with the Create User dialog. The maintain_locations, trace, and operator privileges (defined in the dbop profile) are automatically assigned to the user.
If the company wants to amend the dbop profile object to include the maintain_users privilege, the database administrator enables the Maintain Users privilege in the Alter Profile dialog. After saving the changes to the profile, the change automatically affects any user currently using the profile.
Because the dbop profile did not specify Query Text in the Security Audit group box, users associated with this profile are not audited for query text. To audit the query text for only one of the users associated with the dbop profile, turn on this option at the user level by using the Alter User dialog. This overrides the default for that particular user, without affecting any other users of the dbop profile.
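The dbop scenario above, written with the SQL statements this page names instead of the VDBA dialogs. This is an added example, not taken from the Ingres documentation. The user names jsmith and mjones are hypothetical, and the with-clause options should be checked against the SQL Reference Guide for your release.

```sql
-- Added example. jsmith and mjones are hypothetical user names.

-- 1. Create the operator profile with the three subject privileges
--    identified in the task analysis. No security_audit option is
--    given, so the profile does not request query text auditing.
CREATE PROFILE dbop WITH
    PRIVILEGES = (maintain_locations, trace, operator);

-- 2. New database operators take dbop as their default profile and
--    pick up its privileges without any being listed per user.
CREATE USER jsmith WITH PROFILE = dbop;
CREATE USER mjones WITH PROFILE = dbop;

-- 3. Amend the profile. The change applies to every user whose
--    default profile is dbop (here both jsmith and mjones).
ALTER PROFILE dbop ADD PRIVILEGES (maintain_users);

-- 4. User-level override: audit query text for jsmith only.
--    mjones and other dbop users keep the profile setting.
ALTER USER jsmith WITH SECURITY_AUDIT = (query_text);
```

Step 3 grants maintain_users to every account that uses the profile, so confirm which users have dbop as their default profile before altering it.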
If a user is not explicitly assigned a profile, the Ingres default profile is used. This initial default profile specifies the following:
You can alter the default profile but you cannot drop it.
In VDBA, in the Profiles branch in the Database Object Manager window, the default profile is indicated as (default profile). For more information, see the online help topic Altering a Profile.
In SQL, you can change the default profile using the alter default profile statement. For more information, see the SQL Reference Guide.