Role separation provides increased database security because the database server splits administrative tasks into mutually exclusive roles. For detailed information about the role separation feature, see the IBM Informix: Trusted Facility Guide.
You cannot turn off role separation once you have enabled it. To remove role separation, you must uninstall the database server and reinstall it without role separation.
To enable role separation, run the installation. (See Installing Dynamic Server.) On the Role Separation screen, check the box to create users and groups.
If you choose to enable role separation during installation, you are prompted to create groups and users and add the users to the corresponding groups.
| Default Group Name | Role Category | Role Definition |
|---|---|---|
| ix_dbsa
(INFORMIX-ADMIN) |
Database Administrator | Performs general administrative tasks, such as archiving and restoring data, monitoring use and performance, and tuning the system |
| ix_aao | Auditing Analysis Officer | Audits the records of specific types of database activities. If someone attempts to circumvent or corrupt the security mechanism of the database, these actions can be traced. |
| ix_dbsso | Database System Security Officer | Maintains the security of the database server. Functions of this role include audit adjustment and changing security characteristics of storage objects. |
| ix_users | Database Users | Accesses the database to perform end-user tasks. With role separation enabled, only users who are designated as members of the ix_users group can access the database. |
After installation you can manually add users to these groups.
If you do not enable role separation, the Informix-Admin group performs all administrative tasks.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]