1 User Authentication Method
LDAP authentication: You can use an LDAP name server to authenticate database users, manage passwords, and manage account activations and deactivations. The Netezza system then uses a Pluggable Authentication Module (PAM) to authenticate users on the LDAP name server. Microsoft Active Directory conforms to the LDAP protocol, so it can be treated like an LDAP server for the purposes of LDAP authentication. The Netezza host supports LDAP authentication for database user logins only, not for operating system logins on the host.
Local Authentication: Create an IBM Netezza database user; specify a password for that account. The password is saved with the user account in the Netezza database. When the user logs in to the database Netezza verifies that password against the string that is stored in the Netezza database. This method is called local authentication.
2 User Security Level
User security is controlled at 2 levels as follows:
OS Level : By default, a Netezza appliance has two preconfigured Linux users:
ROOT — should only be used for the application of Netezza and OS patches. It is recommended to change the password.
NZ — the owner of the Netezza database software
Database Level: Netezza database users are managed by the database and are unrelated to the OS users. Netezza appliance has a single-user ADMIN, which is the super-user of the database, has all possible privileges and some special advantages like a reserved set of system resources. It is a good idea to create a global administrative user with most ADMIN privileges. The ADMIN user is in many regards special and should only be used in emergencies. It has, for example, a reserved set of system resources associated with it.