The following is an overview of the process used to set up and activate security. This procedure must be performed by someone
with super user authority.
Note: The following procedure assumes a single-server environment. If you are working in a multiserver environment or you are using
a global security server, see the chapter
Multiserver Security for additional setup procedures.
To set up security for an XDB Server:
-
At the XDB Server, use the XDB Server Configuration utility to enable the server security option. See the chapter
Server Configuration Utility for details.
Note: No one else is allowed access to the server until you are finished setting up user IDs and passwords.
- At the XDB Server or at any client workstation attached to the XDB Server, use the client options utilities (Options Utility) to select the XDB Server, specify your super-user ID, and enable security in the
Options Utility
To set the options:
- On the
Connect tab, select the XDB Server on which you want to set up security.
- On the
Connect tab, specify your super user ID (e.g., INSTALL).
- On the
Security tab, enable the
Client Security option.
- On the
Security tab, specify the
Default Enforcement Level. This value determines the level of complexity that all passwords must have. See the topicPassword Enforcement Level for more information.
-
Use
SQLWizard's User command or
the CREATE USER SQL syntax to create a user ID, password, and user type (user or super user) for each user of this XDB Server.
Only the users that you define during this step will be allowed to log on to the Server, and they must present the proper
user ID/password combination when they do so.
Note: Apart from permitting access to an XDB Server, the user ID you create in this step also serves as a users default AuthID.
You can override this default assignment by assigning a Secondary ID to the user, or the user can change it using the SET
CURRENT SQLID command.
- A group ID allows you to assign location-level, database-level, and table-level privileges to a group of users. To set up
group IDs, you can either use SQLWizard's Group command or run the following command:
insert into sysxdb.sysacfgroups('group_name', '');
You can also use a SecondaryID for this purpose. See the section
AuthID Ownership and Usage Rules for a comparision of group IDs and SecondaryIDs.
- Run the SQL GRANT and REVOKE commands from an SQL utility (i.e. SQLWizard) to assign specific privileges (or pre-defined sets
of privileges called authorities) to each AuthID or GroupID. Privileges and authorities are granted within each location.
See the topic
Granted Authorities and Privileges topic for more information.
- When you are finished creating users, run client options/configuration utilities at each user's workstation and turn on the
Client Security option. On the Security tab, specify the Default Enforcement Level. Each client must agree with the server
about the password enforcement level. See the section
Password Enforcement Level for more information. You must also inform your users of their new user IDs and passwords. Once they log on, they can change
their password using the SQLWizard Change Password command or run the ALTER PASSWORD SQL command.