An example of setting up security

This example uses special roles assigned to the users listed in Table 2-1.

Table 2-1: Users to whom you assign roles

| Name | Privilege | Operating system login name |
|---|---|---|
| Rajnish Smith | sso_role | rsmith |
| Catherine Macar-Swan | sa_role | cmacar |
| Soshi Ikedo | sa_role | sikedo |
| Julio Rozanski | oper_role | jrozan |
| Alan Johnson | dbo | ajohnson |

Table 2-2 shows the sequence of commands you might use to set up a secure operating environment for Adaptive Server, based on the role assignments shown in Table 2-1. After logging in to the operating system, issue these commands using the initial “sa” account.

Table 2-2: Examples of commands used to set up security

| Commands | Result |
|---|---|
| isql -Usa | Logs in to Adaptive Server as “sa.” Both sa_role and sso_role are active. |
| sp_audit "security", "all", "all", "on"<br>sp_audit "all", "sa_role", "all", "on"<br>sp_audit "all", "sso_role", "all", "on" | Sets auditing options for server-wide, security-relevant events, and the auditing of all actions that have sa_role or sso_role active. |
| sp_configure "auditing", 1 | Enables auditing. Note: Before you enable auditing, set up a threshold procedure for the audit trail and determine how to handle the transaction log in sybsecurity. See Chapter 10, “Auditing.” |
| create login | Adds logins and passwords. |
| grant role | Grants roles. |
| use sybsecurity<br>sp_changedbowner rsmith | Grants access to the auditing database, sybsecurity, by making Rajnish, who is the system security officer, the database owner. Alan is not granted any system-defined roles. |
| sp_locklogin sa, "lock" | Locks the “sa” login so that no one can log in as “sa.” Individuals can assume only the roles that are configured for them. Note: Do not lock the “sa” login until you have granted individual users the sa_role and sso_role roles and have verified that the roles operate successfully. |
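
The sequence in Table 2-2, written out as one isql batch for the users in Table 2-1. This is an added example, not part of the original documentation. The passwords are placeholders, and the sp_displaylogin calls before the lock are an assumed way to review the role grants.

```sql
-- Added example. Run in isql while logged in as "sa" (isql -Usa).
-- Assumes the audit-trail threshold procedure and sybsecurity log
-- handling are already in place, as the note in Table 2-2 requires.

-- 1. Set audit options, then enable auditing
sp_audit "security", "all", "all", "on"
go
sp_audit "all", "sa_role", "all", "on"
go
sp_audit "all", "sso_role", "all", "on"
go
sp_configure "auditing", 1
go

-- 2. Create one login per person (passwords are placeholders)
create login rsmith   with password "<placeholder-rsmith>"
create login cmacar   with password "<placeholder-cmacar>"
create login sikedo   with password "<placeholder-sikedo>"
create login jrozan   with password "<placeholder-jrozan>"
create login ajohnson with password "<placeholder-ajohnson>"
go

-- 3. Grant the roles from Table 2-1
--    (ajohnson receives no system-defined role)
grant role sso_role  to rsmith
grant role sa_role   to cmacar
grant role sa_role   to sikedo
grant role oper_role to jrozan
go

-- 4. Make the system security officer the owner of the audit database
use sybsecurity
go
sp_changedbowner rsmith
go
use master
go

-- 5. Review the configured roles (assumed check, not from the page);
--    also log in as each user to confirm the roles work
sp_displaylogin rsmith
go
sp_displaylogin cmacar
go

-- 6. Only after step 5 succeeds: lock the shared "sa" login
sp_locklogin sa, "lock"
go
```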