1. Introduction to Vector Security : User Authentication : DBMS Authentication
 
Share this page                  
DBMS Authentication
Vector allows DBMS level authentication in addition to the other supported methods (which include operating system authentication, installation passwords, and Kerberos authentication). The DBMS authentication feature removes the need to add an operating system user every time a new user needs to access a database.
A user who is appropriately defined in the database can access the database using a valid Vector user name and password. The user does not have to be defined at the operating system level or in a global directory.
DBMS authentication must be enabled for the DBMS Server on which the database resides. It is on by default (dbms_authentication=on in config.dat). Such authentication can be enabled at the server level only, not at the database level.
Database administrators can configure DBMS authentication for each user by using new WITH options on the CREATE USER and ALTER USER statements or by using Actian Director or accessdb.
A user can be defined on the CREATE USER statement as either WITH DBMS_AUTHENTICATION='REQUIRED' or WITH DBMS_AUTHENTICATION='OPTIONAL' (the default).
A user who is defined WITH DBMS_AUTHENTICATION='REQUIRED' must connect to the database using his DBMS user name and password. All other connection attempts will fail. Such a user cannot connect to a server configured as dbms_authentication=no.
System administration users must be defined as DBMS_AUTHENTICATION='OPTIONAL.' All users with the "security" privilege, including the installation owner, are forced to be DBMS_AUTHENTICATION='OPTIONAL'.
If a user is created or altered with DBMS_AUTHENTICATION='REQUIRED', the user must also have a DBMS password or an error is issued. A user defined with no DBMS password can connect to dbms_authentication enabled servers only through a local connection, installation password, or Kerberos authentication.
Users can set and modify their own DBMS passwords if they have the CHANGE_PASSWORD privilege (the default). DBMS passwords are encrypted on disk and when passed over the network.
DBMS authentication is backward compatible. An older remote client will work with new remote dbms_authentication enabled servers assuming that the DBMS password (defined by the CREATE USER statement and stored in iiuser catalog) is compatible with the vnode password.
When an existing installation is upgraded, existing user definitions are modified to DBMS_AUTHENTICATION='OPTIONAL'.
For more information, see the CREATE USER, ALTER USER, and CONNECT statements in the SQL Reference Guide.