Authorization Identifiers
Access can be granted to four authorization identifiers.
The identifiers are listed here from highest to lowest precedence. Precedence determines which privilege is enforced for a session when the same privilege is defined for more than one authorization identifier associated with that session.
• Role
Roles simplify access to the database by associating subject privileges and permissions with an application. Roles can be created with the option of an additional password. The EXTERNAL_PASSWORD option allows a role’s password to be passed to an external authentication server for authentication.
• User
For each valid Vector user, a user object must be created in the Vector master database iidbdb. The user object specifies the user name, default group, default profile, subject privileges, and other attributes.
• Group
Groups simplify permission management because individual users can be added to or removed from groups as required. Being a member of a group does not automatically give the user the permissions granted to the group. The user must have the group specified as the default group or must specify the group name at session startup.
• Public
Granting permissions on objects to PUBLIC gives any user, group, or role access to those objects. The use of grants to PUBLIC should be limited.
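The precedence and group-activation rules above can be checked with a small model. This is an added example, not Vector code: the `Session` and `effective` names, the privilege names and all sample grants are hypothetical, and it assumes a group named at session startup takes the place of the default group.

```python
from dataclasses import dataclass
from typing import Optional

# Precedence from the list above, highest first.
PRECEDENCE = ("role", "user", "group", "public")

@dataclass
class Session:
    user: str
    default_group: Optional[str] = None  # default group on the user object
    startup_group: Optional[str] = None  # group named at session startup
    role: Optional[str] = None           # role associated with the session

    def identifiers(self):
        # Membership alone never activates a group: only a group named at
        # startup or set as the default counts. Assumption: a startup group
        # takes the place of the default group.
        group = self.startup_group or self.default_group
        return {"role": self.role, "user": self.user,
                "group": group, "public": "public"}

def effective(grants, session, privilege):
    """Return (value, source) from the highest-precedence identifier that
    defines the privilege for this session, or (None, None)."""
    ids = session.identifiers()
    for kind in PRECEDENCE:
        name = ids[kind]
        defined = grants.get((kind, name), {})
        if name is not None and privilege in defined:
            return defined[privilege], f"{kind}:{name}"
    return None, None

# Constructed sample data; privilege names and values are hypothetical.
GRANTS = {
    ("role", "report_app"): {"row_limit": 100000},
    ("user", "alice"): {"row_limit": 5000},
    ("group", "analysts"): {"row_limit": 50000, "select_sales": True},
    ("public", "public"): {"row_limit": 1000},
}

if __name__ == "__main__":
    sessions = [
        Session("alice"),
        Session("alice", role="report_app"),
        Session("bob"),                           # analysts member, group not active
        Session("bob", startup_group="analysts"),
    ]
    for s in sessions:
        print(s, effective(GRANTS, s, "row_limit"),
              effective(GRANTS, s, "select_sales"))
```

The third session shows why PUBLIC grants deserve review: a user with no active group, role or user-level definition still receives whatever PUBLIC defines.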