Command Line Options That Control Privileges

The database server start-up command start_iq includes options that set the privilege level of some database and server functions.

Switches That Start and Stop Databases

The -gd option lets you limit the users who can start or stop a database on a running server to those with a certain level of privilege in the database to which they are already connected:
  • DBA – (default value) only users with SERVER OPERATOR system privilege can start an extra database.
  • ALL – (default in start_iq and default.cfg) any user can start and stop databases. This setting means that the DBA does not need to issue START DATABASE commands. Users must still be granted the privileges to access a particular database once he or she has started it.
  • NONE – no one can start or stop a database from Interactive SQL on a running server.
Note: If -gd ALL is not set when you start the server, only a user with the SERVER OPERATOR system privilege can start additional databases on that server. This means that users cannot connect to databases that are not already started, either at the same time as the server, or since then by a user with the SERVER OPERATOR system privilege. However, it also lets a user without the SERVER OPERATOR system privilege stop a database. For this reason, you may want to change this setting to DBA on production databases.

Switches That Create and Delete Databases

The -gu option limits the users who can create and drop databases to those with a certain level of privilege in the database to which they are connected.
  • DBA – only users with SERVER OPERATOR system privilege can create and drop databases.
  • ALL (default) – any user can create and drop databases.
  • NONE – no user can create or drop a database.
  • UTILITY_DB – only those users who can connect to the utility_db database can create and drop databases.

Stop Server Switch

The -gk option limits the users who can shut down a server with the dbstop utility or STOP ENGINE command:
  • DBA (default) – only users with SERVER OPERATOR system privilege can stop the server.
  • ALL – any user can stop the server.
  • NONE – no user can shut down the server with the dbstop utility or STOP ENGINE command.

Switches That Load and Unload Databases

The -gl option limits the users who can load data using LOAD TABLE to users with a certain level of privilege in the database.

  • DBA – any user with the LOAD ANY TABLE, ALTER ANY TABLE, or ALTER ANY OBJECT system privilege can load data.
  • ALL (default for start_iq and default.cfg) – any user can load data.
  • NONE – data cannot be loaded.
Parent topic: Command Line Switches