A separate level of security, which controls the creating and dropping of databases, provides additional database security. The -gu database server command line option controls who can execute the file administration statements.
There are four levels of permission for the use of file administration statements: all, none, DBA, and utility_db. The utility_db level permits a user who can connect to the utility database to use the file administration statements.
-gu Switch Value | Effect | Applies To |
---|---|---|
all | Anyone can execute file administration statements | Any database including the utility database |
none | No one can execute file administration statements | Any database including the utility database |
DBA | Only users with the SERVER OPERATOR system privilege can execute file administration statements | Any database including the utility database |
utility_db | Only the users who can connect to the utility database can execute file administration statements | Only the utility database |
On Sun, HP, Linux, and Windows platforms, to permit only the user knowing the utility database password to connect to the utility database and create or delete databases, start the server at the command line:
start_iq -n testsrv -gu utility_db
On AIX, to permit only the user knowing the utility database password to connect to the utility database and create or delete databases, start the server at the command line:
start_iq -n testsrv -gu utility_db -iqmt 256
Assuming that the utility database password was set to IQ&Mine49 during installation, this command starts the Interactive SQL utility as a client application, connects to the server named testsrv, loads the utility database, and connects the user:
dbisql -c "uid=DBA;pwd=IQ&Mine49;dbn=utility_db;eng=testsrv"
Executing this statement successfully connects you to the utility database, and you can now create and delete databases.