Directory Server provides centralized management of the CONNECT privilege information that was previously managed by HiRDB and performs user authentication whenever a user attempts to connect to HiRDB.
Traditionally, the CONNECT privilege has been granted by the DBA privilege holder to those users who need it. When the Directory Server linkage facility is used, there is no need to grant the CONNECT privilege to users. When user information (user IDs and passwords) is registered into Directory Server, the CONNECT privilege is granted automatically to all the registered users.
HiRDB manages DBA privileges, audit privileges, schema definition privileges, RDAREA usage privileges, and table access privileges. Figure 24-2 provides an overview of user authentication.
Figure 24-2 Overview of user authentication (for the Sun Java System Directory Server linkage facility)
The Sun Java System Directory Server employs the concept of roles. Groups of people based on job titles or departments are registered in a Directory Server as separate roles. Then, by granting table access privileges to a role, the administrator can grant table access privileges to all users who belong to that role. The administrator can manage the table access privileges for the various roles separately. Figure 24-3 shows the granting of table access privileges to a role.
To provide table access to a role, the administrator must use a role name, which the Sun Java System Directory Server applies as a filter.
Figure 24-3 Granting table access to a role