Hitachi

Hitachi Advanced Database Setup and Operation Guide


2.7.8 Example of granting privileges to HADB users

This subsection uses an example to explain the flow of granting privileges to HADB users.

(1) Roles of HADB users and operation example

The figure below shows an operation example in which privileges are granted to HADB users. In this example, four types of HADB users are created.

Figure 2‒28: Role of each HADB user and operation example

[Figure]

Table 2‒8: Role assignment for HADB users to be created

| No. | HADB user role | Explanation |
|-----|----------------|-------------|
| 1 | User administrator | This is the HADB user who manages other HADB users. The user administrator creates HADB users who have the following roles: database builder, database operator, application program user. The user administrator also grants the CONNECT privilege and schema definition privilege to the created HADB users. In this example, the first HADB user who is created during database initialization is made the user administrator. |
| 2 | Database builder | This is an HADB user who is in charge of building databases. The database builder performs the following tasks: defining schemas, tables, and indexes; importing data; granting access privileges to the database operator and application program user for the created tables. |
| 3 | Database operator | This is the HADB user who is in charge of operating the database. The database operator performs the following tasks on tables created by the database builder: importing data; re-creating indexes; collecting cost information; retrieving data using the SELECT statement. |
| 4 | Application program user | This is the HADB user who uses an application program to retrieve or update the database. The application program user performs the following tasks on the tables created by the database builder: using the SELECT statement to retrieve data; using the INSERT, UPDATE, or DELETE statement to add, update, or delete data. |

Note

This example does not involve an auditor, which is a role required when using the audit trail facility. For details about the audit trail facility and the role of the auditor, see 2.18 Audit trail facility.

(2) Process of granting privileges to HADB users

This subsection explains the general procedure for granting privileges to HADB users based on the HADB user roles described in (1) Roles of HADB users and operation example.

First, the following figure shows the general procedure that the user administrator follows to create HADB users and grant privileges.

Figure 2‒29: General procedure for granting privileges (part 1)

[Figure]

Explanation

The HADB administrator, who is an OS user, performs database initialization. During this process, the user administrator is created as the first HADB user.

Then, the user administrator creates other HADB users and grants the CONNECT privilege and schema definition privilege.

Next, the following figure shows the general procedure for granting access privileges to the database operator and the application program users for access to the tables defined by the database builder.

Figure 2‒30: General procedure for granting privileges (part 2)

[Figure]

Explanation
  • The database builder defines the tables and then grants access privileges for those tables to the database operator and application program user. This enables the database operator and the application program users to access the tables defined by the database builder, and to perform the tasks allowed by the access privileges they now have.

  • When there are multiple database operators, you can grant access privileges with the grant option to a representative database operator in step 2. Grant access privileges. This representative database operator can then grant access privileges to the other database operators.

  • You can also grant access privileges with the grant option to a representative application program user in step 3. Grant access privileges to each application program user. This representative application program user can then grant access privileges to other application program users.

Note
  • To grant a privilege to an HADB user or to revoke a granted privilege, execute the GRANT or REVOKE definition SQL statement.

  • The first HADB user is created during database initialization. The DBA privilege and CONNECT privilege are automatically granted to this first HADB user.
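
The following is an added example, not part of the Hitachi manual: a Python check that replays an ordered list of grants against the role model of this subsection and reports every grant that breaks it. The user names, the SALES table, the ledger rows, the privilege labels SCHEMA, IMPORT TABLE, REBUILD INDEX and GET COSTINFO, and the rule that a re-grant must stay within the grantor's own role are assumptions made for the example.

```python
# Added example: audits a grant ledger against the role model in this subsection.
# Assumptions: SCHEMA, IMPORT TABLE, REBUILD INDEX and GET COSTINFO label the
# privileges behind the tasks in Table 2-8; only the builder gets SCHEMA; a
# re-grant stays inside the grantor's own role. All sample data is constructed.
ROLE_PRIVS = {
    "builder": {"CONNECT", "SCHEMA"},
    "operator": {"CONNECT", "SELECT", "IMPORT TABLE", "REBUILD INDEX", "GET COSTINFO"},
    "app_user": {"CONNECT", "SELECT", "INSERT", "UPDATE", "DELETE"},
}
USER_LEVEL = {"CONNECT", "SCHEMA"}  # granted by the user administrator only

def audit(users, owners, ledger):
    """Return (row, reason) for each grant that breaks the model.
    users: name -> role; owners: table -> builder who defined it;
    ledger: ordered (grantor, grantee, privilege, table or None, with_grant_option)."""
    findings, regrant = [], set()  # regrant: (user, privilege, table) held with grant option
    for row, (grantor, grantee, priv, table, wgo) in enumerate(ledger):
        role = users.get(grantee)
        if grantor not in users or role is None:
            findings.append((row, "unknown user"))
        elif priv not in ROLE_PRIVS.get(role, set()):
            findings.append((row, f"{priv} exceeds role {role}"))
        elif priv in USER_LEVEL and users[grantor] != "admin":
            findings.append((row, f"{grantor} is not the user administrator"))
        elif priv not in USER_LEVEL and owners.get(table) != grantor and not (
            (grantor, priv, table) in regrant and users[grantor] == role
        ):
            findings.append((row, f"{grantor} cannot grant {priv} on {table}"))
        elif wgo and priv not in USER_LEVEL:
            regrant.add((grantee, priv, table))
    return findings

USERS = {"ADMIN01": "admin", "BUILD01": "builder", "OPER01": "operator",
         "OPER02": "operator", "APP01": "app_user"}
OWNERS = {"SALES": "BUILD01"}
LEDGER = [
    ("ADMIN01", "BUILD01", "SCHEMA", None, False),    # 0 ok
    ("BUILD01", "OPER01", "SELECT", "SALES", True),   # 1 ok, representative operator
    ("OPER01", "OPER02", "SELECT", "SALES", False),   # 2 ok, delegated within role
    ("OPER02", "APP01", "SELECT", "SALES", False),    # 3 no grant option held
    ("OPER01", "APP01", "SELECT", "SALES", False),    # 4 re-grant crosses roles
    ("BUILD01", "OPER02", "DELETE", "SALES", False),  # 5 beyond operator tasks
    ("BUILD01", "APP01", "CONNECT", None, False),     # 6 builder is not the admin
]

if __name__ == "__main__":
    for row, reason in audit(USERS, OWNERS, LEDGER):
        print(row, LEDGER[row], "->", reason)
```

Because the ledger is replayed in order, a re-grant recorded before the grantor received the grant option is reported as well.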