Managing access to a history database
As with any user database, database access permissions determine
who can access a history database. By default, the following users
have access to a history database:
- The admin user
- The database owner
- The load user
The password for the load user is specified in a CREATE HISTORY CONFIGURATION or ALTER HISTORY CONFIGURATION command. If this password changes, you must update the history configuration with the new password or the loader process will fail.
Users who run reports against the history data require List and Select privileges for the history database. Users who create their own tables and views also require Create Table or Create View privileges.
If you have several users who require access, consider creating a user group to manage the necessary privileges.
Important notes for Kerberos environments
CAUTION:
If your system uses Kerberos authentication for database user accounts, note
that you could encounter problems with loading query or audit history. The load user account must be
active and authenticated with a valid Kerberos ticket for the loads to run. Kerberos tickets
typically expire daily, and the history loads will fail if the load user's ticket is expired. As a
possible workaround, you could create a scheduled job (such as a cron job) to automatically renew
the ticket for the load user each day to keep an active ticket in place on the system.