INF_ROLE_SEP environment variable

The INF_ROLE_SEP environment variable configures the security feature of role separation when the database server is installed or reinstalled on UNIX™ systems. Role separation enforces separating administrative tasks by people who run and audit the database server. After the installation is complete, INF_ROLE_SEP has no effect. If INF_ROLE_SEP is not set, then user informix (the default) can perform all administrative tasks. 

1  setenv INF_ROLE_SEP n
n
is any positive integer.

On Windows™, the install process asks whether you want to enable role separation regardless of the setting of INF_ROLE_SEP. To enable role separation for database servers on Windows, select the role-separation option during installation.

If INF_ROLE_SEP is set when HCL OneDB™ is installed on a UNIX platform, role separation is implemented and a separate group is specified to serve each of the following responsibilities:
  • The Database Server Administrator (DBSA)
  • The Audit Analysis Officer (AAO)
  • The standard user

On UNIX, you can establish role separation by changing the group that owns the aaodir, dbsadir, or etc directories at any time after the installation is complete. You can disable role separation by resetting the group that owns these directories to informix. You can have role separation enabled, for example, for the Audit Analysis Officer (AAO) without having role separation enabled for the Database Server Administrator (DBSA).

For more information about the security feature of role separation, see the HCL OneDB Security Guide. To learn how to configure role separation when you install your database server, see your HCL OneDB Installation Guide.