Managing access to a history database

As with any user database, database access permissions determine who can access a history database. By default, the following users have access to a history database:
  • The admin user
  • The database owner
  • The load user
The database owner and load user are specified in the corresponding nzhistcreatedb command.

The password for the load user is specified in a CREATE HISTORY CONFIGURATION or ALTER HISTORY CONFIGURATION command. If this password changes, you must update the history configuration with the new password or the loader process will fail.

Users who run reports against the history data require List and Select privileges for the history database. Users who create their own tables and views also require Create Table or Create View privileges.

If you have several users who require access, consider creating a user group to manage the necessary privileges.

Important notes for Kerberos environments

CAUTION:
If your system uses Kerberos authentication for database user accounts, note that you could encounter problems with loading query or audit history. The load user account must be active and authenticated with a valid Kerberos ticket for the loads to run. Kerberos tickets typically expire daily, and the history loads will fail if the load user's ticket is expired. As a possible workaround, you could create a scheduled job (such as a cron job) to automatically renew the ticket for the load user each day to keep an active ticket in place on the system.