Managing privilege-based users and privileges

Privilege-based users and their privileges (database privileges and object privileges) are added and managed using SQL statements — e.g., GRANT and REVOKE (see Statements for managing privilege-based users and privileges).

When a system catalog is first generated with support for privilege-based users, or when users are initialized, the system catalog will have

Important

For security, change passwords for the initial set of users.

To add, view, or manage privilege-based users and their privileges, do the following:

Important

Using dbcreate with the -c and -a options will restore the initial state of GENESIS_USERS and GENESIS_AUTHS, eliminating any changes you've made to users and privileges, unless you also use the -n option for dbcreate.

U_NAME - user name

U_PASSWORD - password (encrypted)

U_DBA - Y or N indicating whether the user has the DBA database privilege

U_CONNECT - Y or N indicating whether the user has the CONNECT database privilege

U_RESOURCE - Y or N indicating whether the user has the RESOURCE database privilege

U_GROUP - Indicating whether the user is one of the initial DBA users (i.e., has a setting of 255)

See GRANT (database privileges) for information on the CONNECT, RESOURCE, and DBA privileges.

You can use the DBA program to view a list of privilege-based users, but the list includes little more than user names. To see this list, open the system catalog in DBA (see Opening the system catalog in DBA), and select Maintenance > Users from the menu.

A_USER - the user that the privileges are assigned to

A_DATABASE - the name of the database

A_OWNER - the owner of the object (table or view)

A_TABLE - the table or view that the privilege is granted for

A_SELECT - Y or N indicating whether the user has permission to use SELECT statements with the table or view

A_INSERT - Y or N indicating whether the user has permission to use INSERT statements with the table or view

A_UPDATE - Y or N indicating whether the user has permission to use UPDATE statements with the table or view

A_DELETE - Y or N indicating whether the user has permission to use DELETE statements with the table or view

See GRANT (object privileges) for more information.

A privilege-based user cannot be removed from the system catalog. However, you can make a privilege-based user inactive by revoking all database privileges for the user.