Neoview User Management and Security Administration Guide (R2.5)

CREATE USER Command (platform users, database users)
This command creates a new platform user or a locally authenticated database user, or registers a
user already created on a remote directory server. Only a user in the role ROLE.SECMGR may
create a platform user or a database user with the role ROLE.SECMGR. Only a user in the role
ROLE.MGR may create a database user, other than a database user assigned the role
ROLE.SECMGR.
In the case of a remotely authenticated database user, this command validates the LDAP user
name with the LDAP server to verify that the user exists in the external directory. If you
subsequently delete the user from the external directory, you should also delete the user from
the Neoview platform. (This step is not strictly required—a user whose name has been deleted
from the external directory won't be able to log on to the Neoview database in any case—but it
serves no purpose to have a user registered on Neoview if the user cannot be authenticated.)
Syntax
For a platform user
[.SEC] CREATE {PLATFORM|PF} USER username ,ROLE [rolename],PASSWORD [password] [,EXPIRY-DAYS [days]] [,EXPIRY-DATE [date]]
For a locally authenticated database user
[.SEC] CREATE [{DATABASE|DB}] USER username LOCAL , ROLE [rolename],PASSWORD [password] [,EXPIRY-DAYS [days]] [,EXPIRY-DATE [date]];
For a remotely authenticated database user
[.SEC] CREATE [{DATABASE|DB}] USER username [REMOTE], ROLE [rolename];
Parameters
DATABASE|DB signifies that the user is either a locally or a remotely authenticated database
user. If you specify neither this parameter nor PLATFORM|PF, a database user is created by
default.
PLATFORM|PF signifies that the user is a platform user. If you specify neither this parameter
nor DATABASE|DB, a database user is created by default.
LOCAL|REMOTE indicates whether a database user is locally or remotely authenticated:
LOCAL means the user is locally authenticated.
REMOTE means the user is remotely authenticated.
If you specify DATABASE or DB but specify neither LOCAL nor REMOTE, then:
If an external directory server is configured and available, a remotely authenticated
database user is created.
If an external directory server is not configured, a locally authenticated database user
is created, provided that the command includes a password for the new user. If no
password is provided, an error occurs.
If an external directory server is configured but unavailable, an error occurs.
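The creator-role rule and the LOCAL|REMOTE resolution described above can be checked before a provisioning script submits a command. The following Python pre-flight check is an added example, not part of the Neoview product or this guide; the function name preflight, the role ROLE.REPORTS and the user names are made up, and it assumes case-insensitive keywords, values without whitespace or commas, and that the same resolution applies when DATABASE|DB is omitted.

```python
import re

# Added illustration: a model of the rules stated on this page, not Neoview code.
# Assumptions: keywords are matched case-insensitively; values contain no
# whitespace, commas or semicolons.
CMD = re.compile(
    r"^\s*(?:\.SEC\s+)?CREATE\s+(?:(PLATFORM|PF|DATABASE|DB)\s+)?USER\s+([^\s,;]+)"
    r"(?:\s+(LOCAL|REMOTE))?\s*,\s*ROLE\s+([^\s,;]+)"
    r"(?:\s*,\s*PASSWORD\s+([^\s,;]+))?"
    r"(?:\s*,\s*EXPIRY-(?:DAYS|DATE)\s+[^\s,;]+)*\s*;?\s*$",
    re.IGNORECASE,
)

def preflight(cmd, issuer_role, ldap_configured, ldap_available):
    """Return (kind, auth_mode, problems) for one CREATE USER command."""
    m = CMD.match(cmd)
    if not m:
        return None, None, ["does not match the CREATE USER syntax"]
    kind_kw, _username, mode_kw, role, password = m.groups()
    kind = "platform" if (kind_kw or "").upper() in ("PLATFORM", "PF") else "database"
    problems = []

    # Who may issue the command.
    needed = "ROLE.SECMGR" if kind == "platform" or role.upper() == "ROLE.SECMGR" else "ROLE.MGR"
    if issuer_role.upper() != needed:
        problems.append(f"issuer must be in {needed}")

    # How the new user will be authenticated (assumed to apply even when
    # DATABASE|DB is omitted, since a database user is the default).
    if kind == "platform":
        mode = None  # LOCAL|REMOTE applies to database users only
    elif mode_kw:
        mode = mode_kw.lower()
    elif ldap_configured and ldap_available:
        mode = "remote"
    elif ldap_configured:
        mode = None
        problems.append("directory server is configured but unavailable")
    else:
        mode = "local"

    if (kind == "platform" or mode == "local") and not password:
        problems.append("PASSWORD is required")
    return kind, mode, problems

if __name__ == "__main__":
    # Constructed commands; ROLE.REPORTS, jdoe and ops1 are made-up names.
    for c, issuer in [("CREATE DB USER jdoe, ROLE ROLE.REPORTS;", "ROLE.MGR"),
                      ("CREATE PF USER ops1 ,ROLE ROLE.MGR,PASSWORD Constructed1", "ROLE.MGR")]:
        print(c, "->", preflight(c, issuer, ldap_configured=False, ldap_available=False))
```

A non-empty problems list means the command would be rejected under the rules on this page, so a script can stop before sending it.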
username is the user name, which must be unique on the platform. The length and characters
permissible in user names depend on whether you are creating a platform user or a database
user: