>>-setenv--INF_ROLE_SEP--n-------------------------------------><
The INF_ROLE_SEP environment variable configures the security feature of role separation when the database server is installed or reinstalled on UNIX systems. Role separation enforces separating administrative tasks by people who run and audit the database server. After the installation is complete, INF_ROLE_SEP has no effect. If INF_ROLE_SEP is not set, then user informix (the default) can perform all administrative tasks.
On Windows, the install process asks whether you want to enable role separation regardless of the setting of INF_ROLE_SEP. To enable role separation for database servers on Windows, choose the role-separation option during installation.
If INF_ROLE_SEP is set when Dynamic Server is installed on a UNIX platform, role separation is implemented and a separate group is specified to serve each of the following responsibilities:
On UNIX, you can establish role separation manually by changing the group that owns the aaodir, dbsadir, or etc directories at any time after the installation is complete. You can disable role separation by resetting the group that owns these directories to informix. You can have role separation enabled, for example, for the Audit Analysis Officer (AAO) without having role separation enabled for the Database Server Administrator (DBSA).
For more information about the security feature of role separation, see the IBM Informix: Trusted Facility Guide. To learn how to configure role separation when you install your database server, see your IBM Informix: Installation Guide.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]