Viewing or Modifying Authority-Based Group Properties

View or change the details of login parameters and authorities for a group.

Prerequisites

Database Version	Authority-Based Group Permissions
SAP Sybase IQ 15.3 and 15.4	View any property page – none. Modify a password – you must have one of: DBA authority USER ADMIN authority PERMS ADMIN authority Modify a login policy – you must have one of: DBA authority USER ADMIN authority Modify any other group property except those relating to permissions – you must have DBA authority. For privileges relating to group permissions, see: Authority-Based Database Object Permissions Privilege Summary
SAP Sybase IQ 16.0	Not supported.

Database Version

Authority-Based Group Permissions

SAP Sybase IQ 15.3 and 15.4

View any property page – none.

Modify a password – you must have one of:

DBA authority
USER ADMIN authority
PERMS ADMIN authority

Modify a login policy – you must have one of:

DBA authority
USER ADMIN authority

Modify any other group property except those relating to permissions – you must have DBA authority.

For privileges relating to group permissions, see:

Authority-Based Database Object Permissions Privilege Summary

SAP Sybase IQ 16.0

Not supported.

The SAP Sybase IQ resource is authenticated and running.
The selected resource supports authority-based security.

Task

In the Perspective Resources view, select the resource, and select Resource > Administration Console.
In the left pane, expand IQ Servers > Security > Authority-Based, and then select Groups.
Select a group from the right pane and either:
- Click the arrow to the right of the name and select Properties, or
- From the Administration Console menu bar, select Resource > Properties.
The Group Properties view appears

View or edit the properties.

When you are modifying properties, you need not click Apply before changing screens; however, doing so saves any changes.
If you do not have privileges to modify properties, SAP Control Center displays the properties view in read-only mode.

Area	Description
General	Name – (Read-only) Name of the user. Enable Password – Allows the user to connect to the database with password security. Clearing this option disables the Password and Confirm Password options. Password – The password for the user. Characters appear as asterisks. Confirm password – A field for confirming the password that you typed in the Password text box. The contents of the two fields must match exactly. Password creation time – Date and time when the password was created. Change password on next login – Force the user to change the password at the next login. Login policy – (Read-only) Select the login policy that applies for this user. Last login time – (Read-only) Last time the user successfully logged in. Failed login attempts – (Read-only) Number of times the user has tried to log in with an incorrect password. Locked – Displays false if the account is unlocked. Displays true if the user has exceeded the allowed number of failed login attempts. Unlock now –Unlocks the account if Locked is true. Comment – A text field for adding an optional comment about the user.
Authorities	Backup - Grants the ability to perform database backups. DBA - Grants the ability fully administer the database. Multiplex Admin - Grants the ability for Multiplex server administration. Operator - Grants the ability to backup and checkpoint databases, perform system monitoring, and drop connections. Perms Admin - Grants the ability to manage data permission, groups, authorities, and passwords. Profile - Grants the ability to perform application and procedure profiling, request log creation and analysis, and by the Index Consultant. Read client file - Grants the ability to read from a file on the client computer, for example when loading data. Read file - Grants the ability to the group to execute SELECT statements against a file using the OPENSTRING clause. Remote DBA - Grants Remote DBA authority to any table the group can access. To ensure that actions are secure, run the SQL Remote Message agent using a user ID with this type of authority. Resource - Grants the ability to create database objects. Space Admin - Grants the ability to perform dbspace management (including CREATE permission) and read-only selective database restoration. User Admin - Grants the ability to manage users, external logins, and login policies management. Validate - Grants the ability to validate tables, materialized views, and indexes. Note: Materialized views are only supported for tables in the IQ system store. Write client file - Grants the ability to write to a file on the client computer, for example when downloading data.
Permission	See Authority-Based User and Group Object Permissions.

Area

Description

General

Name – (Read-only) Name of the user.

Enable Password – Allows the user to connect to the database with password security. Clearing this option disables the Password and Confirm Password options.

Password – The password for the user. Characters appear as asterisks.

Confirm password – A field for confirming the password that you typed in the Password text box. The contents of the two fields must match exactly.

Password creation time – Date and time when the password was created.

Change password on next login – Force the user to change the password at the next login.

Last login time – (Read-only) Last time the user successfully logged in.

Failed login attempts – (Read-only) Number of times the user has tried to log in with an incorrect password.

Locked – Displays false if the account is unlocked. Displays true if the user has exceeded the allowed number of failed login attempts.

Unlock now –Unlocks the account if Locked is true.

Comment – A text field for adding an optional comment about the user.

Authorities

Backup - Grants the ability to perform database backups.

DBA - Grants the ability fully administer the database.

Multiplex Admin - Grants the ability for Multiplex server administration.

Operator - Grants the ability to backup and checkpoint databases, perform system monitoring, and drop connections.

Perms Admin - Grants the ability to manage data permission, groups, authorities, and passwords.

Profile - Grants the ability to perform application and procedure profiling, request log creation and analysis, and by the Index Consultant.

Read client file - Grants the ability to read from a file on the client computer, for example when loading data.

Read file - Grants the ability to the group to execute SELECT statements against a file using the OPENSTRING clause.

Remote DBA - Grants Remote DBA authority to any table the group can access. To ensure that actions are secure, run the SQL Remote Message agent using a user ID with this type of authority.

Resource - Grants the ability to create database objects.

Space Admin - Grants the ability to perform dbspace management (including CREATE permission) and read-only selective database restoration.

User Admin - Grants the ability to manage users, external logins, and login policies management.

Validate - Grants the ability to validate tables, materialized views, and indexes.

Note: Materialized views are only supported for tables in the IQ system store.

Write client file - Grants the ability to write to a file on the client computer, for example when downloading data.

Permission

See Authority-Based User and Group Object Permissions.

Do one of:
- Click OK to update any changes to the database and exit the properties view.
- Click Apply to update any changes to the database, but remain in the properties view.
- Click Cancel to cancel any changes not updated to the database and exit the properties view.