[northlandboy]

humayun, if you think the DB is corrupted, just install policy on the module - that also installs the database.

ajlafontaine, you used to be able to have users who could install the database only, and then it became something you could only do by editing objects_5_0.C - have a look at sk15270. You need to edit allow_install_users_db_on_module

However, you should be warned that this can cause some problems. What ends up happening is that the DB gets out of sync with the policy. What I've seen happen is for SecureClient to start dropping all the authenticated rules on the cleanup rule, until you reinstall policy. I'm not sure exactly what causes it - things will be going fine, install DB a few times, no problems - and then it stops working. I'm not sure if it's caused by certain sorts of changes - perhaps user/object deletes?

I don't know what your setup is, but I understand having something like that, where you have user admins who are separate from the firewall team. What you could do, if the users are being authenticated externally, is to use a generic* user, and let the ACE server (or whatever) handle it.