Authorizing User Access
Common Types of Ingres Users
In most installations, there are four types of users:
Installation Owner
The installation owner is typically an account named "ingres", but the ingres name is not required.
By default, this user has the Security privilege and most of the other privileges. Some of the privileges, however, can be revoked from this user and the system will still operate correctly. In a good production system, this user performs only administrative tasks on the system (such as startup and shutdown).
System Administrator
The system administrator is sometimes the "root" account. This account is commonly owned by the Information Technology (IT) department, but is also commonly owned by a user who has been defined as the Ingres System Administrator.
In a large production environment, there may be one or a few of these users. These users have the Security privilege, which allows them to use the -u flag on commands to imitate other users, and usually possess other privileges such as Maintain_locations and Maintain_users; if security auditing is enabled, they will also typically have Auditor and Maintain_audit privileges. The responsibility of this user is to perform administrative tasks that affect the entire Ingres instance such as creating and destroying Ingres users, allowing Ingres to use new disk drives, and monitoring the Ingres security audit logs.
In smaller environments, the system administrator and the installation owner may be the same user.
Database Administrator (DBA)
The DBA typically has only the Createdb privilege. DBAs can use the -u flag in their own databases only.
Typically, the DBA is not the installation owner, and in a good production system, does not have the Security privilege. The definition of the primary DBA for any given database is the user who ran the createdb command to create that database. Additional DBAs can be defined for a database by granting (see
The GRANT Statement) them the Db_admin privilege for that database.
End User
The end user typically has no privileges and cannot create a database.