User privileges

This section explains the user privileges that are set up by HiRDB. The following figure shows the HiRDB user privileges.

Figure 9-1 HiRDB user privileges

[Figure]

These HiRDB user privileges are granted to various users, such as HiRDB administrators, DBA privilege holders, and schema owners.

Privileges granted to HiRDB administrators: The administrator's own DBA privilege, audit privilege, and RDAREA usage privilege

Privileges granted to DBA privilege holders: DBA privilege, schema definition privilege, RDAREA usage privilege, and CONNECT privilege

Privilege granted to schema owners: Access privilege

Organization of this subsection: (1) DBA privilege; (2) Audit privilege; (3) CONNECT privilege; (4) Schema definition privilege; (5) RDAREA usage privilege; (6) Access privileges

(1) DBA privilege

The DBA privilege is required in order to grant and revoke DBA privileges, CONNECT privileges, and schema definition privileges. It permits the following actions:

Granting DBA privileges, CONNECT privileges, and schema definition privileges to other people
Revoking DBA privileges, CONNECT privileges, and schema definition privileges granted to other people
Defining other users' schemas
Defining a schema allows the schema owner to define base tables, view tables, indexes, abstract data types, stored procedures, stored functions, and triggers.
Deleting other users' schemas, base tables, view tables, indexes, abstract data types, stored procedures, stored functions, and triggers
Defining items related to the connection security facility
Connecting to HiRDB (CONNECT privilege holders)

(2) Audit privilege

This privilege is required for auditors. This privilege allows a user to perform the following actions:

Accessing audit trail tables
Loading data to audit trail tables
Granting and revoking the SELECT privilege to audit trail tables
Deleting audit trail tables
Changing auditor passwords
Defining and deleting audit events
Swapping audit trail files

To use the security audit facility, you need to set the audit privilege. For details about the security audit facility, see 9.2 Security audit facility.

(3) CONNECT privilege

The CONNECT privilege is required in order to use HiRDB. This privilege permits a user to connect to the database. An attempt to connect to the database by a user who does not have the CONNECT privilege results in an error.

(4) Schema definition privilege

The schema definition privilege is required in order to define a schema. This privilege permits a user to take the following actions:

Defining the user's own schema
Defining a schema allows the schema owner to define base tables, view tables, indexes, abstract data types, stored procedures, stored functions, and triggers.
Deleting the user's own schemas, base tables, view tables, indexes, abstract data types, stored procedures, stored functions, and triggers

(5) RDAREA usage privilege

The RDAREA usage privilege is required in order to use an RDAREA. This privilege permits a user to define tables and indexes in the RDAREA to which the privilege applies. An RDAREA for which the RDAREA usage privilege is granted by specifying an authorization identifier is called a private user RDAREA, and an RDAREA for which the RDAREA usage privilege is granted by specifying PUBLIC is called a public user RDAREA.

(6) Access privileges

An access privilege is required in order to access a table. Only those users who have an access privilege are allowed to access a table. Access privileges are set for each table. The types of access privilege are listed in the following table.

Table 9-1 Access privilege types