To set up and use a secure zone, the following tasks need to be performed:
- An existing user with the appropriate privileges should grant zone creation privileges to an existing user or should create a user and grant the privileges needed to create zones to that user.
For more information, see SQL Data Control Language.
- The zone creator must create an empty user or database to be zone root or assign an existing user or database to be or zone root. If the zone creator creates the zone with a user as root, then the zone creator must have DROP USER privilege on that user. If the zone creator creates the zone with a database as root, then the zone creator must have CREATE USER privilege on the database that becomes the root.
For information about creating users and databases, see Database Administration.
- The zone creator must create a secure zone.
See Creating a Zone.
- If the creator creates the zone with ROOT as a user, skip this step. If the creator creates the zone with ROOT as a database, then assign a primary DBA to the zone.
- The zone creator can add zone guests to the zone, if desired.
- The primary DBA can create at least one zone user in the zone using the existing CREATE USER syntax. Any of these zone users can then optionally create other zone users.
- If the zone creator added zone guests, a zone user must grant them the desired privileges.
For information about granting privileges, see GRANT (SQL Form) in SQL Data Control Language.
- If you want to map the users in the zone to a proxy user or to preexisting directory users, you can either set up a proxy user or set up roles.