2.7.8 Example of granting privileges to HADB users
This subsection uses an example to explain the flow of granting privileges to HADB users.
- Organization of this subsection
(1) Roles of HADB users and operation example
The figure below shows an operation example in which privileges are granted to HADB users. In this example, four types of HADB users are created.
|
|
![[Figure]](GRAPHICS/F0000035.GIF)
|
No. |
HADB user role |
Explanation |
|---|---|---|
|
1 |
User administrator |
This is the HADB user who manages other HADB users. The user administrator creates HADB users who have the following roles:
The user administrator also grants the CONNECT privilege and schema definition privilege to the created HADB users. In this example, the first HADB user who is created during database initialization is made the user administrator. |
|
2 |
Database builder |
This is an HADB user who is in charge of building databases. The database builder performs the following tasks:
|
|
3 |
Database operator |
This is the HADB user who is in charge of operating the database. The database operator performs the following tasks on tables created by the database builder:
|
|
4 |
Application program user |
This is the HADB user who uses an application program to retrieve or update the database. The application program user performs the following tasks on the tables created by the database builder:
|
- Note
-
This example does not involve an auditor, which is a role required when using the audit trail facility. For details about the audit trail facility and the role of the auditor, see 2.18 Audit trail facility.
(2) Process of granting privileges to HADB users
This subsection explains the general procedure for granting privileges to HADB users based on the HADB user roles described in (1) Roles of HADB users and operation example.
First, the following figure shows the general procedure that the user administrator follows to create HADB users and grant privileges.
|
|
![[Figure]](GRAPHICS/F0000036.GIF)
- Explanation
-
The HADB administrator, who is an OS user, performs database initialization. During this process, the user administrator is created as the first HADB user.
Then, the user administrator creates other HADB users and grants the CONNECT privilege and schema definition privilege.
Next, the following figure shows the general procedure for granting access privileges to the database operator and the application program users for access to the tables defined by the database builder.
|
|
![[Figure]](GRAPHICS/F0000037.GIF)
- Explanation
-
-
The database builder defines the tables. Then, the access privileges for the tables are granted to the database operator and application program user. This enables the database operator and the application program users to access the tables defined by the database builder, and to perform tasks allowed by the access privileges they now have.
-
When there are multiple database operators, you can grant access privileges with the grant options to a representative database operator in 2. Grant access privileges. This representative database operator can then grant access privileges to the other database operators.
-
You can also grant access privileges with the grant option to a representative application program user in 3. Grant access privileges to each application program user. This representative application program user can then grant access privileges to other application program users.
-
- Note
-
-
To grant a privilege to an HADB user or to revoke a granted privilege, execute the GRANT or REVOKE definition SQL statement.
-
The first HADB user is created during database initialization. The DBA privilege and CONNECT privilege are automatically granted to this first HADB user.
-