System Administrators:
Handle tasks that are not specific to applications
Work outside Adaptive Server’s discretionary access control system
The role of System Administrator is usually granted to individual Adaptive Server logins. All actions taken by that user can be traced to his or her individual server user ID. If the server administration tasks at your site are performed by a single individual, you may instead choose to use the “sa” account that is installed with Adaptive Server. At installation, the “sa” account user has permission to assume the System Administrator, System Security Officer, and Operator roles. Any user who knows the “sa” password can log in to that account and assume any or all of these roles.
The fact that a System Administrator operates outside the protection system serves as a safety precaution. For example, if the Database Owner accidentally deletes all the entries in the sysusers table, the System Administrator can restore the table (as long as backups exist). There are several commands that can be issued only by a System Administrator. They include disk init, disk refit, disk reinit, shutdown, kill, and the disk mirroring commands.
In granting permissions, a System Administrator is treated as the object owner. If a System Administrator grants permission on another user’s object, the owner‘s name appears as the grantor in sysprotects and in sp_helprotect output.
In addition, System Administrators are responsible for dropping logins and can lock and unlock logins. System Security Officers share login management responsibilities with System Administrators. System Security Officers are responsible for adding logins and can also lock and unlock logins.
