User Guide : 10. Administering Users, Groups, Roles, and Profiles : Creating Users, Groups, Roles, and Profiles : Role Dialog
 
Share this page                  
Role Dialog
You use the Role dialog to create or modify user roles. A role allows you to associate privileges with applications. Only users who have been granted access to a role can perform the actions that role enables.
You can access this dialog to create a new role in the following ways:
From the Roles folder context menu: New Role
From an existing role node context menu: New Role
From the Database menu tab: Role, New Role (see Database Tab)
For more information, see Create a Role.
You can access this dialog to modify an existing role from an existing role node context menu: Modify.
The Role dialog contains the following pages:
General—see General Page (Role)
Privileges—see Privileges Page (Role)
Grantees—see Grantees Page (Role)
Access—see Access Page (Role)
Options—see Options Page (Role)
The dialog contains the following controls:
OK button
Creates the specified role
Cancel button
Closes the dialog without saving any changes
General Page (Role)
The General page of the Role dialog lets you define core user role configuration information. The General page contains the following fields:
Name
Specifies a name for the role
Note:  You cannot create a role if the role name is disallowed. Disallowed names include all privileged names (for example, db_admin).
Set DBMS Password
(Actian Vector 3.0 or higher) Specifies that user authentication is achieved through the DBMS. The first time this option is selected for a user, a warning message appears.
Selecting this option makes it unnecessary to add an operating system user every time a new user needs access to a database. A user who is appropriately defined in the database can access the database using a valid Actian Vector user name and password. The user does not need to be defined at the operating system level or in a global directory.
Note:  Selecting this option prevents the user from connecting to a DBMS server that is not configured to perform DBMS authentication.
For complete information, see “DBMS Authentication” in the Actian Vector User Guide.
New Password
Specifies the password for the user. This field is enabled only if the Set DBMS password option is selected.
Confirm Password
Confirms the password for the user. This field is enabled only if the Set DBMS password option is selected.
Privileges Page (Role)
The Privileges page of the Role dialog lets you assign privileges that are applied to the user role, regardless of the database to which users are connected. For any privilege, select the Active By Request check box to apply the privilege to users.
You can assign the following privileges to a user role:
Create Database
Enables users to create and destroy databases
Set Trace Flags
Enables users to access tracing and debugging features
Security Administrator
Enables users to perform security-related operations, such as impersonating other users, and to avoid certain security checks, such as database privilege checks
Operator
Enables users to perform database backups and other maintenance operations
Auditor
Enables users to query the security audit log
Maintain Locations
Enables users to manage database and file locations
Maintain Security Audit
Enables users to control what information is written to the security audit log
Maintain Users
Enables users to perform various user-related functions, such as creating users and roles
Grantees Page (Role)
The Grantees page of the Roles dialog lets you assign users to the role.
Note:  To assign a user to the role, you must create the user first. For more information, see Create a New User.
For new roles, no users are selected. For existing roles, any users currently assigned are checked.
Access Page (Role)
The Access page of the Role dialog lets you specify the non-granted databases that users have access to. This provides access to databases that are not public and for which the selected default role is not granted access.
The Access page lists all the non-granted databases in the installation. Selecting a check box grants the user role access to that database. Selecting “The role has access to the entire installation” checks all of the non-granted databases.
Options Page (Role)
The Options page of the Role dialog contains all other miscellaneous configuration information. The Options page contains the following fields pertaining to security auditing:
All Events
Specifies whether security auditing is enabled for all events
Query Text
Specifies whether security auditing is enabled for query text