Managing level-based users and groups
This topic includes the following sections, which discuss how to create and modify level-based users and groups (not privilege-based users). For general information on users, groups, and table access, see Managing access with users, groups, and table settings.
- Initializing level-based users and groups
- Viewing group information
- Creating a group
- Modifying a group
- Deleting a group
- Viewing users in a group
- Viewing user information
- Adding a user
- Modifying a user
- Deleting a user
With level-based users, a user’s access (access to specific tables, read-only vs. read/write access, and whether the user can open a system catalog in the DBA program) is determined by membership in a group. To create users with different access levels, create groups with different access levels, and then assign users to the groups. For information on how group/user access levels and table access levels work together to control data access, see Managing access with users, groups, and table settings.
If level-based users and groups were initialized when the system catalog was generated (see Initializing level-based users and groups below), the system catalog will have a default set of users and groups. You can use these as is, or you can modify them. You can also create your own. Note that when you create or modify users or groups in DBA, the DBA updates the system catalog, so there is no need to regenerate it.
Initializing level-based users and groups
Initializing user and groups removes any users and groups you have added, and it removes modifications you have made to default users and groups (i.e., restores default users and groups to their original settings). |
DBA and dbcreate have options that enable you to initialize level-based users and groups — that is, create or return to an initial, default set of level-based users and groups. This default set includes the following three users and two groups. (For information on access levels, see Understanding access levels for tables and groups.)
Username |
Default password |
Assigned group |
Access level |
---|---|---|---|
DBA |
MANAGER |
SYSTEM |
254 |
DBADMIN |
MANAGER |
SYSTEM |
254 |
PUBLIC |
No password |
USER |
100 |
You can initialize users and groups as you generate or regenerate a system catalog, and you can initialize them for an existing system catalog without regenerating it.
- For information on initializing as you generate or regenerate a system catalog, see Generating the system catalog.
- For information on initializing without regenerating the system catalog, see Using DBA to initialize without regenerating below and Initializing from the command line without regenerating below.
For information on access levels, see Managing access with users, groups, and table settings.
For security, change passwords after initializing users and groups. |
Using DBA to initialize without regenerating
To use DBA to initialize level-based users and groups without regenerating the system catalog,
1. | Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA. |
2. | Select Maintenance > Initialize Users & Groups. The following prompt is displayed: |
Do you want to overwrite the existing table?
3. | To initialize users and groups, select Yes. |
Initializing from the command line without regenerating
To initialize level-based users and groups from the command line without regenerating the system catalog, do one of the following, where connect_string has the user_name/password/connect_filename format. (For information on DBA command-line options, see Options .)
- At a Windows or Unix prompt, use the following syntax:
dbr SODBC_DBA:xfdba.dbr -c connect_string -i
- At an OpenVMS prompt, use the following syntax:
$ XFDBA -C connect_string -I
For example, to initialize level-based users and groups for the sample database on Windows or Unix, enter
dbr SODBC_DBA:xfdba.dbr -c DBADMIN/MANAGER/sodbc_sa -i
To initialize level-based users and groups for the sample database on OpenVMS, enter
$ XFDBA -C DBADMIN/MANAGER/SODBC_SA -I
These examples assume that your connect file is sodbc_sa, that SODBC_DBA is set to the directory where the DBA program resides, and that the connect file is located in the GENESIS_HOME directory.
Viewing group information
1. | Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA. |
2. | Select Maintenance > Groups. The Group List window displays a list of groups with the following information: |
GID — An automatically assigned group ID number.
Name — The alphanumeric identifier for each group.
Users — The number of users assigned to each group.
Access — The access level of each user in the group (numeric, from 0 to 255).
Description — A brief description of each group.
Creating a group
You can create up to 999,999 groups, and you can assign a maximum of 255 users to a group.
1. | Open the Group List window. (See Viewing group information.) |
2. | Select Group Maintenance > New Group. |
3. | Complete the fields in the Group window: |
Group ID
An automatically assigned group number. This field is not modifiable.
Group name
Enter an alphanumeric identifier of up to 10 characters.
Access level
Enter a number between 0 and 255 that determines users’ read/write access to data. This level determines the access level of all users in the group. Note that a group must be set to at least 100 for users in that group to access the database.
We recommend that you use levels 254 and 255 for administrative users only. For more information on setting access levels, see Managing access with users, groups, and table settings.
Num of users
The total number of users assigned to this group. This field is not modifiable.
Description
(optional) Enter an alphanumeric description of up to two lines of 30 characters.
4. | Select OK or press F4. |
Modifying a group
1. | Open the Group List window. (See Viewing group information.) |
2. | In the Group List window, highlight the group you want to modify. |
3. | Select Group Maintenance > Modify Group. |
4. | Make any changes. (See Creating a group above for information on settings for groups.) Then select OK or press F4. |
Deleting a group
1. | Open the Group List window. (See Viewing group information.) |
2. | In the Group List window, highlight the group you want to delete. A group that has users cannot be deleted (users must first be deleted or assigned to other groups). |
3. | Select Group Maintenance > Delete Group. A window is displayed with the selected group’s name and description and the following prompt: |
Do you want to delete the current entry?
4. | To delete the group, select Yes. |
Viewing users in a group
1. | Open the Group List window. (See Viewing group information.) |
2. | Highlight the group in the Group List window. |
3. | Select Group Maintenance > View Users. The User List window opens. For information on this window, see Viewing user information. |
Viewing user information
1. | Open the system catalog in DBA (see Opening the system catalog in DBA), and close any open lists or input windows in DBA. |
2. | Select Maintenance > Users. The User List window displays the following information for each user: |
Name — A case-sensitive alphanumeric identifier.
Password — A case-sensitive alphanumeric password. Users are not required to have passwords.
Full name — The user’s full name.
GID — The ID of the group the user belongs to.
Adding a user
You can add up to 255 users to a group.
1. | Open the system catalog in DBA, and open the User List window. (See Viewing user information above.) |
2. | Select User Maintenance > New User. The User window is displayed. |
3. | Enter data in each field as described below. |
User name
Enter an alphanumeric identifier for the user you are creating. It can be up to 10 characters long. This field corresponds to the Name column in the User List window and is case sensitive.
Password
(optional) Enter an alphanumeric password. It can be up to 10 characters long. Passwords are case-sensitive and are visible only to users who can open DBA (users with an access level of 254 or greater). Eight-bit ASCII characters and the following are not valid for passwords: spaces, double quotes ("), the at sign (@), slashes (/), and backslashes (\).
Group ID
Enter the ID of the group you want to assign a user to. A user’s access level is determined by the group it belongs to. To view a list of available groups, select User Maintenance > Select Group.
Full name
(optional) Enter the user’s full name. It can be up to 40 characters long.
Description
(optional) Enter an alphanumeric description of the user. The description can be up to 60 characters long.
Modifying a user
1. | Open the User List window. (See Viewing user information above.) |
2. | Highlight the user in the User List window. |
3. | Select User Maintenance > Modify User. |
4. | Make any changes. Then select OK or press F4. |
Deleting a user
1. | Open the User List window. (See Viewing user information above.) |
2. | Highlight the user in the User List window. |
3. | Select User Maintenance > Delete User. A window is displayed with the selected username and the following prompt: |
Do you want to delete the current entry?
4. | To delete the user, select Yes. |