The procedure for suspending the Directory Server linkage facility is explained below.
- Procedure
- If table access privileges have been granted to roles, revoke the privileges for the roles while using the Directory Server linkage facility.
- Use the pdstop command to normally terminate HiRDB.1
- Delete the pd_directory_server operand and suspend usage of the Directory Server linkage facility. Once this operand has been deleted, privileges for roles cannot be revoked.2
- Use the pdstart command to start HiRDB. Use HiRDB to check user privileges.
- Register in HiRDB all the necessary user privileges.3
- Delete HiRDB user information from the Directory Server as necessary.
- 1 The system reconfiguration command (pcdhgconf command) makes it possible to modify HiRDB system definitions while HiRDB is operating. In such a case, it is not necessary to terminate HiRDB. Note that HiRDB Advanced High Availability must be installed in order to use this command. For details about modifying HiRDB system definitions while HiRDB is operating, see 9.2 Modifying HiRDB system definitions while HiRDB is running (system reconfiguration command).
- 2 If the pd_directory_server operand is deleted without deleting the privileges for roles, the following problems will occur:
- If a role uses the same name as a user ID and access privileges were granted to both names, it may not be possible to distinguish between the names when acquiring table access privileges information. For details, see 24.5.2 Acquiring table access privileges information.
- 3 User privileges must be registered for the following users:
- Users with the DBA privilege (including the HiRDB administrator)
Users have already been registered into HiRDB. Registering users is not necessary unless they were deleted while HiRDB was operating. However, if a user's password was not specified when DBA privileges were granted, that user will not be able to use the granted DBA privilege. If this situation occurs, use the GRANT DBA statement or GRANT CONNECT statement to register the user's password.
- Users with the schema definition privilege
Users have already been registered into HiRDB. Registering users is not necessary unless they were deleted while HiRDB was operating. However, if a user who does not have DBA privilege was granted schema definition privilege, no password is registered for that user. If this situation occurs, use the GRANT CONNECT statement to register the user's password.
- Users with the audit privilege
Users have already been registered into HiRDB. Registering users is not necessary unless they were deleted while HiRDB was operating.
- All other users
If CONNECT privileges was not registered into HiRDB for some users, register this privilege into HiRDB for these users.
- Accessing tables
If table access privileges were granted only to the role you belong to, you will not have table access privileges and will not be able to access any tables. If this situation occurs, request the administrator to grant you table access privileges. Also, you will only be able to use privileges information that was granted to your role. Request the administrator to provide the necessary privileges information to you.
- Incorrect passwords
If the password registered into HiRDB is incorrect, use the GRANT CONNECT statement to modify the registered password.