Four database users exist and are available after the installation. They are important for the DP implementation and configuration, but not visible during the day-to-day work. (A configurable IDB service account is needed in DP to access the IDB; the IDB service is run under this account:) One of them, the user hpdp, is mapped to an OS user and must be created on Unix systems before the DP 8.00 installation. On Windows, the same user as for the CRS Account (DP Administrator) is used per default. The other three users are created automatically during IDB installation; the support user has super user capability and is thought for support to look at the IDB. #
(Before the DP installation, the customer has to create an OS user to become the DB super user and provide the name during installation.
- On Windows, the DB super user can be a local or domain account. (By default it is the DP Administrator, which is already provided during installation. No new user needs be created if the DP Administrator is taken. A dialog window allows during the DP installation process to specify another OS user as DB super user if desired.)
- On Linux and HP-UX, the database OS super user must be created prior to the installation. The recommendation on Linux and HP-UX is to name it as hpdp and to create a user group (with the same name) hpdp that the user belongs to.
The other database usernames are predefined in DP 8.00 and must not be changed by the customer.
The database OS super user (for example hpdp on Unix) is allowed to connect to the database without providing a password. For other DB users, the initial passwords are randomly generated during the installation, but can be changed. And these DB users must enter a password to get access to the DB. As a rule, the regular user will not access the IDB, but for very advanced users and support this possibility is opened.)
(Password maintenance:
- Database OS super user: The password can be changed with the OS admin tools. On Windows the customer must additionally adapt the password in the configuration of the Internal Database service hpdp-idb.
- Database users: The password can be changed with the CLI tool omnidbutil: E.g.
Omnidbutil –set_passwd <username> hpdpidb_spt
With this tool is for every user type the (during installation randomly predefined) password changeable/settable. When changing the password of the application user hpdpidb_app, the tool will not only modify the password in the database, but also update the encrypted password in the idb.config file. Also the JBoss AS password for accessing the database is updated.
The support user is super user and can do everything within the data base. With this account a user can log on to the database and perform appropriate queries. (This is to ease the administration for that the hpdb password would not needed to be changed to grant for support access to superuser functionality.)
Remember to restart the IDB service.
Ownership and permissions
The Super user hpdp owns the tablespace hpdpidb, the actual database hpdpidb as well as the database schema hpdpidb_app. (The support user has also super user capabilities!)
The Application user hpdpidb_app has full control within the schema hpdpidb_app, and owns all objects (tables, views, procedures, functions, triggers …) that exist inside this schema.
The Reporting user hpdpidb_rpt is allowed to use schema hpdpidb_app and select data from any object.)