24.1.3 Capabilities of the Directory Server linkage facility

Organization of this subsection
(1) Centralized management by the Directory Server of users connected to HiRDB
(2) Granting of table access to roles

(1) Centralized management by the Directory Server of users connected to HiRDB

Directory Server provides centralized management of the CONNECT privilege information that was previously managed by HiRDB and performs user authentication whenever a user attempts to connect to HiRDB.

Traditionally, the CONNECT privilege has been granted by the DBA privilege holder to those users who need it. When the Directory Server linkage facility is used, there is no need to grant the CONNECT privilege to users. When user information (user IDs and passwords) is registered into Directory Server, the CONNECT privilege is granted automatically to all the registered users.

HiRDB manages DBA privileges, audit privileges, schema definition privileges, RDAREA usage privileges, and table access privileges. Figure 24-2 provides an overview of user authentication.

Figure 24-2 Overview of user authentication (for the Sun Java System Directory Server linkage facility)

[Figure]

Explanation
When a user attempts to connect to HiRDB, Sun Java System Directory Server performs user authentication. If the user's ID and password have been registered in Sun Java System Directory Server, the user is permitted to connect to HiRDB.

(2) Granting of table access to roles

The Sun Java System Directory Server employs the concept of roles. Groups of people based on job titles or departments are registered in a Directory Server as separate roles. Then, by granting table access privileges to a role, the administrator can grant table access privileges to all users who belong to that role. The administrator can manage separately the table access privileges for the various roles. Figure 24-3 shows the granting of table access privileges to a role.

To provide table access to a role, the administrator must use a role name, which the Sun Java System Directory Server applies as a filter.

Figure 24-3 Granting table access to a role

[Figure]

Explanation
If the owner of a table grants access to a role (for example, to the General Affairs Department), all users in the General Affairs Department will be able to access that table.
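
The division of work described in (1) and (2) can be modelled in a few lines of Python. This is an added example, not HiRDB or Directory Server code; the user IDs, passwords, table names, privileges, and function names are constructed for illustration.

```python
import hashlib
import hmac

def digest(password):
    # Stand-in for the directory's own credential check (demo salt, constructed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000).hex()

# Constructed sample data: entries registered in the Directory Server.
DIRECTORY = {
    "USER1": {"pw": digest("pw-one"), "roles": {"General Affairs Department"}},
    "USER2": {"pw": digest("pw-two"), "roles": {"Sales Department"}},
    "USER3": {"pw": digest("pw-three"), "roles": set()},  # registered, no role
}

# Constructed sample data: table access privileges kept on the HiRDB side,
# keyed by role name, then table name.
ROLE_GRANTS = {
    "General Affairs Department": {"PAYROLL": {"SELECT", "UPDATE"}},
    "Sales Department": {"ORDERS": {"SELECT"}},
}

def can_connect(user_id, password):
    """A registered ID with a matching password may connect; there is no
    separate CONNECT grant to check."""
    entry = DIRECTORY.get(user_id)
    if entry is None:
        return False
    return hmac.compare_digest(entry["pw"], digest(password))

def table_privileges(user_id, table):
    """Union of the privileges granted to every role the user belongs to."""
    entry = DIRECTORY.get(user_id)
    if entry is None:  # not in the directory: no role membership at all
        return set()
    privileges = set()
    for role in entry["roles"]:
        privileges |= ROLE_GRANTS.get(role, {}).get(table, set())
    return privileges

def who_can_access(table):
    """Audit view: registered users holding any privilege on the table."""
    return sorted(u for u in DIRECTORY if table_privileges(u, table))

if __name__ == "__main__":
    print(can_connect("USER3", "pw-three"), table_privileges("USER3", "PAYROLL"))
    print(who_can_access("PAYROLL"))
```

In this model USER3 can connect but reaches no table, and a change to role membership in the directory changes table access without any new grant on the table.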