Setting Up Security

Restriction: This topic applies to Windows environments only.

The following is an overview of the process used to set up and activate security. This procedure must be performed by someone with super user authority.

Note: The following procedure assumes a single-server environment. If you are working in a multiserver environment or you are using a global security server, see the chapter Multiserver Security for additional setup procedures.

To set up security for an XDB Server:

  1. At the XDB Server, use the XDB Server Configuration utility to enable the server security option. See the chapter Server Configuration Utility for details.

    Note: No one else is allowed access to the server until you are finished setting up user IDs and passwords.
  2. At the XDB Server or at any client workstation attached to the XDB Server, use the client options utilities (Options UtilityUser Profile Utility) to select the XDB Server, specify your super-user ID, and enable security in the Options UtilityConfiguration Utility

    To set the options:

    Windows:
    • On the Connect tab, select the XDB Server on which you want to set up security.
    • On the Connect tab, specify your super user ID (e.g., INSTALL).
    • On the Security tab, enable the Client Security option.
    • On the Security tab, specify the Default Enforcement Level. This value determines the level of complexity that all passwords must have. See the topicPassword Enforcement Level for more information.
    UNIX:
    • On the main menu of the User Profile utility, select Multiuser Options.
    • Press F4 XDB Server.
    • Enter the XDB Server on which you want to set up security.
    • Press F7 Primary Authorization ID.
    • Enter your super user ID (e.g., INSTALL).
    • On the main menu of Configuration Utility, select Set Security Options.
    • Press Password Security to toggle it on and off.
    • Select ON and exit.
  3. Use SQLWizard's User command or the CREATE USER SQL syntax to create a user ID, password, and user type (user or super user) for each user of this XDB Server. Only the users that you define during this step will be allowed to log on to the Server, and they must present the proper user ID/password combination when they do so.

    Note: Apart from permitting access to an XDB Server, the user ID you create in this step also serves as a users default AuthID. You can override this default assignment by assigning a Secondary ID to the user, or the user can change it using the SET CURRENT SQLID command.
  4. A group ID allows you to assign location-level, database-level, and table-level privileges to a group of users. To set up group IDs, you can either use SQLWizard's Group command or run the following command:
     insert into sysxdb.sysacfgroups('group_name', '');

    You can also use a SecondaryID for this purpose. See the section AuthID Ownership and Usage Rules for a comparision of group IDs and SecondaryIDs.

  5. Run the SQL GRANT and REVOKE commands from an SQL utility (i.e. SQLWizard) to assign specific privileges (or pre-defined sets of privileges called authorities) to each AuthID or GroupID. Privileges and authorities are granted within each location. See the topic Granted Authorities and Privileges topic for more information.
  6. When you are finished creating users, run client options/configuration utilities at each user's workstation and turn on the Client Security option. On the Security tab, specify the Default Enforcement Level. Each client must agree with the server about the password enforcement level. See the section Password Enforcement Level for more information. You must also inform your users of their new user IDs and passwords. Once they log on, they can change their password using the SQLWizard Change Password command or run the ALTER PASSWORD SQL command.