As with any user database, database access permissions determine
who can access a history database. By default, the following users
have access to a history database:
- The admin user
- The database owner
- The load user
The database owner and load user are specified in the corresponding
nzhistcreatedb command.
The password for the load user is specified in a CREATE HISTORY
CONFIGURATION or ALTER HISTORY CONFIGURATION command. If this password
changes, you must update the history configuration with the new password
or the loader process will fail.
Users who run reports against the history data require List and
Select privileges for the history database. Users who create their
own tables and views also require Create Table or Create View privileges.
If you have several users who require access, consider creating
a user group to manage the necessary privileges.
Important notes for Kerberos environments
CAUTION:
If your system uses Kerberos authentication for database user accounts, note
that you could encounter problems with loading query or audit history. The load user account must be
active and authenticated with a valid Kerberos ticket for the loads to run. Kerberos tickets
typically expire daily, and the history loads will fail if the load user's ticket is expired. As a
possible workaround, you could create a scheduled job (such as a cron job) to automatically renew
the ticket for the load user each day to keep an active ticket in place on the system.