Defining Clear Authorizations for Users

To ensure that users have only the authorizations that they need for their work, we recommend the following measures:

?     Create an authorization concept that specifies clear authorizations for individual users:

0     Define which database users are to have access to which data.

0     Define which Database Manager operators are to carry out which administration tasks.

?     Create a separate database user for each person who works with the database instance. In doing this, use the user classes STANDARD and RESOURCE where possible.

?     Distribute the administration tasks. In addition to defining the database system administrator, define database users of the user class DBA and Database Manager operators.

?     Assign Database Manager operators only those server authorizations that they really need.

In some cases it can make sense to create a Database Manager operator that can check the operational state of the database instance but cannot perform any administration tasks.

Creating Database Users and Defining User Classes

On Microsoft Windows, use the database tool Database Manager GUI:

Database Manager GUI, Creating/Changing/Deleting a Database User

In other operating systems, use the database tool SQLCLI and the corresponding SQL statements for the authorization of users:

SQLCLI, Executing an SQL Statement

SQL Reference Manual, Authorization

Creating Database Manager Operators and Adjusting Server Authorizations

To create Database Manager operators, use the database tool Database Manager:

Database Manager GUI, Creating/Changing/Deleting a Database Manager Operator

Database Manager CLI, user_create

To adjust the server authorizations of Database Manager operators, use the database tool Database Manager:

Database Manager GUI: Changing the Server Authorizations

Database Manager CLI: user put