After administrators are registered, they can complete a limited set of tasks. By default, administrators can request command-line help and issue queries.
To perform other tasks, administrators must be granted authority by being assigned one or more administrative privilege classes. Privilege classes determine the authority level for an administrator. Figure 1 illustrates the privilege classes. An administrator with system privilege class can complete any task with the server. Administrators with policy, storage, operator, or node privileges can complete subsets of tasks.
Important: Two server options give you extra control over the
ability of administrators to complete tasks.
- Use the QUERYAUTH server option to select the privilege class that an administrator must have to issue QUERY and SELECT commands. By default, no privilege class is required. You can change the requirement to one of the privilege classes, including system.
- Use the REQSYSAUTHOUTFILE server option to specify that system authority is required for commands that cause the server to write to an external file (for example, BACKUP DB). By default, system authority is required for such commands.
Figure 1. Administrative privilege
classes
Table 1 summarizes
the privilege classes, and gives examples of how to set privilege
classes.
| Privilege Class | Capabilities |
|---|---|
System |
Perform any administrative task with
the server.
|
Unrestricted Policy |
Manage the backup and archive services
for nodes that are assigned to any policy domain.
|
Restricted Policy |
Same capabilities as unrestricted policy except authority is limited to specific policy domains. |
Unrestricted Storage |
Manage server storage, but not definition
or deletion of storage pools.
|
Restricted Storage |
Manage server storage, but limited
to specific storage pools.
|
Operator |
Control the immediate operation of
the server and the availability of storage media.
|
Node |
Access a web backup-archive client to complete backup and restore operations. |