Neoview User Management and Security Administration Guide (R2.5)

1 Introduction to Security on the Neoview Platform

Authentication and Authorization on the Neoview Platform

A user logs on to the Neoview platform using a convenient name, such as jsmith or agent123,

and a password. This combination of name and password is used to authenticate the user—to

verify that the user is known on the Neoview platform and is, by virtue of having supplied the

correct password, who he or she claims to be.

In many customer environments, the name and password with which a database user logs on

match the user's name and password in an external directory, as described in “LDAP Integration”

(page 18). When the user logs on, the ODBC or JDBC client encrypts the password; then the

Neoview security infrastructure sends the logon information to the external directory server for

authentication, as shown in Figure 1-1.

Figure 1-1 Neoview on the Corporate Network

Alternatively, or in addition to these remotely authenticated database users, you can define users

whose names and passwords are managed entirely on the Neoview platform; in this scenario,

there is no need for an external directory—or even if such a directory exists, it need not be

available in order for these locally authenticated database users to log on.

NOTE: In most contexts, a database user is not aware of whether his or her credentials are

authenticated locally or remotely. Most external differences apparent to users are related to

password length, quality rules, and policies governing password expiration, as described in

“Password Security” (page 23).

In contrast with database users, the Neoview security infrastructure includes platform users,

defined for system management and troubleshooting. The authentication of all such special users

Authentication and Authorization on the Neoview Platform 17