Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software

Table 1-1 Predefined Users and Roles (continued)

FunctionRole

This role belongs to the database administrator and authorization manager, who:

• Grants and revokes database access privileges to users (by associating those privileges

with roles)

• Creates new objects in schemas owned by users who have the role ROLE.DBA.

• Owns the schema called DB, which is used to create database tables for end users.

This schema includes dimension and fact tables for the data warehouse

• Monitors database queries and performs workload management tasks, including

stopping a query started by some other user

• Has administrator privileges in Neoview Workload Management Services (WMS)

• Has NDCS operator privileges, required for managing data sources

You can assign the ROLE.DBA role to any number of individual users, as either the

user's main role (called the “default role” or the “primary role” on different interfaces)

or as a secondary role.

NOTE: Database administration tasks for a particular schema can be performed by

any user having the role that owns the schema. For example, if you defined the role

ROLE.HR and created the schemas HR1, HR2, and EMPLOYEES in that role, any user

assigned the role ROLE.HR could administer objects in those schemas.

ROLE.DBA

This role belongs to an end user, who:

• Creates objects in schemas owned by the users who have the role ROLE.USER.

• Accesses objects belonging to administrator schemas for which the user is granted

permission

• Owns the USR schema, which is required by some third-party tools that create

temporary tables. You can also use this schema to create other temporary or work

tables.

You can assign the USER role to any number of individual users. Alternatively, you

can drop the USR schema, delete the role ROLE.USER, and define new roles and

schemas to fit business requirements.

ROLE.USER

This special role, sometimes called the “super ID,” always exists on the Neoview

platform and is used internally by the operating system to manage operations. This

role also owns all roles and the special platform roles SUPER.SUPER and

SUPER.SERVICES.

The SUPER.SUPER password should be kept under break-glass control.

SUPER.SUPER (and

predefined user name

“SUPERUSER”)

This special role, sometimes called the “services ID,” is available to HP Support to fix

problems and make adjustments that cannot be made by customers. This role can stop

any process but cannot debug or suspend any process. This role is not used by

customers.

SUPER.SERVICES (and

predefined user name

“HPSUPPORT”)

This special role is available to HP consulting personnel, who typically assist in

troubleshooting query performance. Users with this role have no special privileges

with respect to the database but have access to platform-level command interpreters.

HP.SDI

This special role is for use only on the external Virtual TapeServer (VTS) server. HP

Support configures the VTS server to prohibit access to customer data by HP personnel.

HP.VTS (and predefined

user name “VTS”)

This special role is used exclusively with the SAP application.SAP.USER

Roles and Role Assignment

From the average Neoview user’s point of view, the roles that initially exist on the Neoview

platform are:

• ROLE.SECMGR

• ROLE.MGR

• ROLE.DBA

• ROLE.USER

22 Introduction to Security on the Neoview Platform