Security Guide : 2. Authorizing User Access
 
Share this page                  
Authorizing User Access
 
Types of Vector Users
How to Establish User Access
Users and Profiles
Groups and Roles
Types of Vector Users
In most installations, there are four types of users:
Installation Owner
The installation owner is typically an account named "actian", but the actian name is not required.
By default, this user has the Security privilege and most of the other privileges. Some of the privileges, however, can be revoked from this user and the system will still operate correctly. In a good production system, this user performs only administrative tasks on the system (such as startup and shutdown).
System Administrator
The system administrator is sometimes the "root" account. This account is commonly owned by the Information Technology (IT) department, but is also commonly owned by a user who has been defined as the Vector System Administrator.
In a large production environment, there may be one or a few of these users. These users have the Security privilege, which allows them to use the -u flag on commands to imitate other users, and usually possess other privileges such as maintain_locations and maintain_users; if security auditing is enabled, they will also typically have auditor and maintain_audit privileges. The responsibility of this user is to perform administrative tasks that affect the entire Vector instance such as creating and destroying Vector users, allowing Vector to use new disk drives, and monitoring the Vector security audit logs.
In smaller environments, the system administrator and the installation owner may be the same user.
Database Administrator (DBA)
The DBA typically has only the Createdb privilege. DBAs can use the -u flag in their own databases only.
Typically, the DBA is not the installation owner, and in a good production system, does not have the Security privilege. The definition of the primary DBA for any given database is the user who ran the createdb command to create that database. Additional DBAs can be defined for a database by granting (see The GRANT Statement) them the db_admin privilege for that database.
End User
The end user typically has no privileges and cannot create a database.