Working with Profile Objects
You can perform the following basic operations on profile objects:
• Create and alter profile objects
• View existing profile objects, including the detailed properties of each object
• Drop profile objects
In SQL, you can use the CREATE PROFILE, ALTER PROFILE, and DROP PROFILE statements when working in a session connected to the iidbdb database.
You can work with profile objects in Actian Director and VDBA.
Example of Using a Profile
After a profile is created, it can be assigned to a new or existing user object. By doing so, the attributes defined in the profile are associated with the user; the attributes of the user are updated whenever the profile is modified.
Attributes can also be set directly at the user level to override settings at the profile level.
For example, a company conducts an analysis of the tasks and responsibilities of its database operators at multiple sites. They find three tasks that are common to this type of user: database and file location maintenance, debugging, and database backups.
They create a profile for maintaining databases called dbop (database operator) with the appropriate subject privileges:
• maintain_locations
• trace
• operator
Whenever the company hires a new database operator, the database administrator can associate the dbop profile with that new user. Doing so automatically assigns the maintain_locations, trace, and operator privileges to the user.
If the company alters the dbop profile to include the maintain_users privilege, the change automatically affects any user currently using the profile.
Because the dbop profile did not specify the option to audit the query text associated with user queries, users associated with this profile are not audited for query text. To audit the query text for only one of the users associated with the dbop profile, this option can be turned on at the user level (by using the ALTER USER statement). This overrides the default for that particular user, without affecting any other users of the dbop profile.
Note: If attributes are defined at both the user level and the profile level, the attributes at the user level are used. If the user is defined with NOPRIVILEGES, then the user has no privileges even if the profile lists privileges.
Default Profile
A default profile is the profile initially assigned to a user if one is not explicitly assigned.
The default profile specifies the following:
• No default group
• No subject privileges or default privileges
• No expiration date
• No security audit options (that is, default events are audited)
Notes:
• You can alter the default profile but you cannot drop it.
• Altering the default profile will alter privilege attributes of all users that have not been given a specific profile.
You can change the default profile using the ALTER DEFAULT PROFILE statement, Actian Director, or VDBA.
Last modified date: 08/28/2024