Manualshelf

Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software
11121314151617181920
platform can be customized to accommodate different directory schemas, routing methods, and
other features that can vary among directory implementations.
For more information about LDAP integration on Neoview, including a list of tasks the Security
Administrator needs to perform using HPDM or NCI, see “LDAP Integration Overview”
(page 63).
Special Roles for HP Support and System Software
One design objective of the Neoview platform is to restrict HP Support from viewing customer
data. Therefore, in contrast with the user and role model described earlier, four special roles are
defined for use by Support and the Neoview system software:
SUPER.SUPER
SUPER.SERVICES
HP.SDI
HP.VTS
SUPER.SUPER (called the super ID in some Neoview documentation) has unrestricted access to
system resources. Therefore it is completely controlled by the customer and must be carefully
managed. Any use of the SUPER.SUPER role should be under very tight control.
SUPER.SERVICES (called the services ID in some Neoview documentation) can perform operations
that are required for system troubleshooting but that do not expose customer data. The services ID
is available to HP Support to fix problems and make adjustments not available to non-super
users. This role is available only to HP Support and is not available to customers. It is pre-installed
as part of the system installation procedure.
HP.SDI is for use by HP consultants who assist in troubleshooting query performance on the
Neoview platform and need occasional access to platform-level command interpreters.
HP.VTS is used only on the Neoview Virtual TapeServer, which is used for backup and recovery
operations and is managed by HP Support.
Users who have any of these roles assigned to them are platform users and have access to
command-line troubleshooting tools not available to other users. A platform user has only one role.
The interfaces that assign database roles to users cannot be used to assign, to any database user, the
privileges appertaining to SUPER.SUPER, SUPER.SERVICES, HP.SDI, or HP.VTS, and a user assigned
the privileges of any of these IDs cannot be assigned any other role.
User and Role Names and Associated Functions
All users log on to the Neoview platform with names and passwords, but the rules pertaining
to names and passwords vary with the type of user.
NOTE: In Release 2.5 and any subsequent release of the Neoview platform, no user can log on
by specifying a role, such as ROLE.MGR or SUPER.SERVICES, in lieu of a user name. This
restriction is enforced even in the platform-level command interpreters used by HP Support and
consulting personnel.
Database User Names and Roles
Most users log on with individual user names associated with database roles, such as ROLE.DBA.
These users log on to the Neoview platform for access to database objects and are therefore called
database users. A user's role determines the objects to which the user has access and the privileges
the user has with respect to those objects.
A database user name can consist of up to 128 characters, potentially including a domain name
and separator character. Commas are not allowed. For example, a database administrator might
log on to the Neoview platform with the name elspeth.jordan@welt.com,
Special Roles for HP Support and System Software 19