Creating a Role-Based User

Add a new role-based user to the database using the Create User wizard.

Prerequisites
Database Version Role-Based User Privileges
SAP Sybase IQ 15.3 and 15.4 Not supported.
SAP Sybase IQ 16.0 Creating a user requires MANAGE ANY USER system privilege.
Granting a role during the user creation process requires one of:
  • Administrative rights over the role being granted (role administrator).
  • MANAGE ROLES system privilege if the role being granted has a global role administrator.

Granting a system privilege during user creation requires administrative rights over the system privilege being granted.
Task
  1. In the Perspective Resources view, select the resource and select Resource > Administration Console.
  2. In the left pane, select IQ Servers > Security > Role-Based > Users.
  3. Click the arrow next to Users and select New.
    The Create User Wizard appears.
  4. On the Welcome page, specify
    Option Description
    Select a resource on which the user will be created. Select a resource from the list.
    Note: If the selected resource does not support role-based security, an error message appears.
    What do you want to name the new user? Enter a unique user ID.
  5. Click Next.
  6. On the Password page:
    Option Description
    Enable password Select to allow a user to connect to the database with password security. Leave this option unselected to disable the password and confirm password options.
    Password Create a strong user password. Characters appear as asterisks.
    Confirm password Confirms the password. The contents of the two password fields must match exactly.
    Requires password change on next login Select to force a user to change his or her password at the next login.
    Note: This functionality is not currently implemented in Sybase Control Center. When logging in to Sybase Control Center, a user will not be prompted to change their password. He or she will be prompted, however, when logging in to SAP Sybase IQ outside of Sybase Control Center (for example, using Interactive SQL).
    Login policy Select a login policy from the list.
  7. Click Next.
  8. On the Roles page, highlight a role to be granted. Click in the Grant Option column, click the arrow, and select the administrative rights to be granted.
    Grant Option Description
    Role only (default) Grantee can use the underlying system privileges of the role only.
    Administrative only Grantee can grant and revoke the selected role to other users and roles, but cannot use its underlying system privileges.
    Administrative and role Grantee can grant and revoke the selected role to other users and roles and use its underlying system privileges.
    • Only roles to which you have administrative rights appear on the list.
    • By default, a new user or user-extended role is automatically granted the PUBLIC system role with the "Role only" privilege (user is a member of the role, but has no administrative rights on the role). There is no need to add the PUBLIC role when creating a user, user-extended role, or standalone role.
    • When you grant a role to a user, user-extended role, or standalone role, unless otherwise noted, any underlying system privileges of the role being granted are automatically inherited by the user, user-extended role, or standalone role.
  9. Repeat step 8 to grant additional roles.
  10. Click Next.
  11. On the System Privileges page, highlight a system privilege to be granted. Click in the Grant Option column, click the arrow, and select the administrative rights to be granted.
    Note: Only system privileges to which you have administrative rights appear on the list.
    Grant Option Description
    Privilege only (default) Grantees can perform authorized tasks requiring the selected privilege, but cannot grant the system privilege to other users and roles.
    Administrative only Grantees can grant and revoke the selected system privilege to other users and roles, but cannot perform authorized tasks requiring the selected system privilege.
    Administrative and privilege Grantees can grant and revoke the selected system privilege to other users and roles and can perform authorized tasks requiring the selected system privilege.
  12. Repeat step 11 to grant additional privileges.
  13. Click Next.
  14. (Optional) On the Comment page, enter a comment for this user.
  15. Click Finish.
Parent topic: Role-Based Users
Related tasks
Deleting a Role-Based User
Converting a Role-Based User to a User-Extended Role
Adding a Role to a Role-Based User
Changing a Role-Based User's Administrative Rights on a Role
Removing a Role from a Role-Based User
Adding a System Privilege to a Role-Based User
Changing a User's Administrative Rights on a System Privilege
Removing a System Privilege from a Role-Based User
Viewing or Modifying Role-Based User Options
Generating Role-Based User DDL Commands
Viewing or Modifying Role-Based User Properties
Changing a Role-Based User Password
Forcing a Role-Based User to Change their Password
Unlocking a Role-Based User Account
Changing a Role-Based User Login Policy
Authenticating a Login Account for a Managed Resource
Related reference
Role-Based User Privilege Summary