Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software

Table 1-1 Predefined Users and Roles

FunctionRole

Users in this role can:

• Create new roles

• Define locally authenticated database users and register remotely authenticated

database users, except users having the ROLE.SECMGR role

NOTE: Names and passwords of remotely authenticated database users are defined

and managed on the external directory server. However, in order to log on to the

Neoview database, such users must also be registered on the Neoview platform.

• Assign roles to database users and revoke roles from database users, except to grant

ROLE.SECMGR to any user or to revoke ROLE.SECMGR from the predefined user

SECURITYMGR

• Delete users, change users' roles, and perform other user-management functions

• Alter passwords and password expiration attributes for locally authenticated

database users (except a user whose only role is ROLE.SECMGR), but not for

remotely authenticated database users (whose passwords are managed on the

external server) or for platform users (whose passwords are managed by

ROLE.SECMGR)

• Alter passwords for predefined database roles, except ROLE.SECMGR

• Create new objects in schemas owned by ROLE.MGR

You can assign the ROLE.MGR role to any number of individual users, as either the

user's main role (called the “default role” or the “primary role” on different interfaces)

or as a secondary role.

ROLE.MGR (and

predefined user name

“USERMGR”)

Users in this role can:

• Create locally authenticated database users with the role ROLE.SECMGR, or register

remotely authenticated users with the role ROLE.SECMGR

• Grant ROLE.SECMGR to database users already assigned other roles

• Create and delete individual accounts for platform users

• Alter passwords and password expiration attributes for most platform users and

roles, including SUPER.SUPER (see “Changing Passwords for Predefined Users

and Roles” (page 35))

• Alter passwords and password expiration attributes for locally authenticated

database users who have ROLE.SECMGR among their roles

• Configure LDAP servers (including Microsoft Active Directory), and manage LDAP

server configuration

• Create and install certificates for use in encrypting passwords

• Configure Neoview security policies

• Create new objects in schemas owned by ROLE.SECMGR

• Control access to dump files

A user in this role also has NDCS operator privileges, which are required to manage

data sources, but routine data source management is generally performed by a user in

role ROLE.DBA.

You can assign the ROLE.SECMGR role to any number of individual users, as either

the user's main role (called the “default role” or the “primary role” on different

interfaces) or as a secondary role.

ROLE.SECMGR (and

predefined user name

“SECURITYMGR”)

User and Role Names and Associated Functions 21