Permission management  manage server permissions privilege

Chapter 8: Using Granular Permissions

manage security permissions privilege

Users with manage security permissions privileges can grant or revoke security-related sever-wide privileges and security-related database-wide privileges. See Table 8-1 and Table 8-2 respectively, for a list of these privileges.

Table 8-1: Server-wide privileges managed by manage security permissions privilege

Server-wide privileges

change password

checkpoint (on sybsecurity)

dump database (on sybsecurity)

load database (on sybsecurity)

manage any login

manage any login profile

manage any remote login

manage auditing

manage roles

manage security configuration

manage security permissions

online database (on sybsecurity)

own database (on sybsecurity)

set proxy

use database (on sybsecurity)
Table 8-2: Database-wide privileges managed by manage security permissions privilege

Database-wide privileges

create encryption key

decrypt any table

manage any encryption key

manage column encryption key

manage database permissions

manage master key

manage service key

update any security catalog

manage security permissions is initially explicitly granted to the sso_role on a newly installed server, and, by default, the sa account has manage security permissions privilege. Once you revoke manage server permissions from the sso_role, a user with this role cannot grant or revoke any security-related privilege.

To avoid having a user unintentionally causing the server to be locked, Adaptive Server ensures the server contains at least one unlocked user account with manage security permissions privilege.




Copyright © 2012. Sybase Inc. All rights reserved. manage server permissions privilege

View this document as PDF