SAP® Sybase® IQ provides a role-based security model to
control access to database objects and the execution of privileged operations. A role-based
security model provides complete control and granularity for the privileges you want to
grant to users. Each privileged operation a user can perform in the database requires one or
more system privileges or object-level privileges.
A system privilege is a right to perform an authorized database task. For
example, the CREATE TABLE system privilege allows a user to create self-owned tables.
An object-level privilege is a right to perform an authorized task on a
specified object. For example, having ALTER privileges on TableA allows a user to alter
that table, but not other tables.
A role is a container which may contain one or more system privileges,
object-level privileges and other roles. Granting a role to a user is equivalent to
granting the user the underlying system and object-level privileges of the role.
All new users are automatically granted the PUBLIC system role, which gives users the
ability to:
- View the data stored in the system views
- Execute most system stored procedures
Once you have created a new user, you can:
- Grant user-defined roles, system roles, system privileges, and object-level
privileges to the user.
- Assign a login policy to the user. By default, a user is assigned to the root
login policy.
- Set the user as the publisher or as a remote user of the database for use in a
SQL Remote system.
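
The following SQL is an added example, not taken from the SAP documentation. It sketches the model described above: privileges are granted to roles, roles are nested, and the outer role is granted to a new user with a non-default login policy. The names reporting_policy, report_dev, tablea_maintainer and schema_developer, and the password, are hypothetical placeholders; TableA is assumed to exist already.

```sql
-- Added example. All role, user and policy names are hypothetical.
-- Assumes TableA already exists and that the current session holds the
-- administrative rights needed to create users and roles and to grant
-- the privileges shown.

-- A login policy to use instead of the default root login policy.
CREATE LOGIN POLICY reporting_policy max_failed_login_attempts = 5;

-- New user. The PUBLIC system role is granted automatically.
-- Replace the placeholder password before use.
CREATE USER report_dev IDENTIFIED BY REPLACE_WITH_STRONG_PASSWORD
    LOGIN POLICY reporting_policy;

-- Inner role: one object-level privilege, limited to a single table.
CREATE ROLE tablea_maintainer;
GRANT ALTER ON TableA TO tablea_maintainer;

-- Outer role: one system privilege plus the inner role (roles can nest).
CREATE ROLE schema_developer;
GRANT CREATE TABLE TO schema_developer;
GRANT ROLE tablea_maintainer TO schema_developer;

-- Granting the outer role is equivalent to granting the user
-- CREATE TABLE and ALTER on TableA. The user can create self-owned
-- tables and alter TableA, but cannot alter other users' tables.
GRANT ROLE schema_developer TO report_dev;

-- Review what the user effectively holds, expanding nested roles.
CALL sp_displayroles( 'report_dev', 'expand_down' );
```

Granting through roles rather than directly to users keeps a single place to audit or revoke access: removing ALTER on TableA from tablea_maintainer removes it from every user who holds either role.
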
Each new or migrated SAP Sybase IQ database includes a
predefined set of roles you can use to get started. These system roles act as a starting
point for implementing role-based security.
Note: If you are a pre-16.0 SAP Sybase IQ customer, it is recommended
that you review the sections on how the security model has changed from the
authority/permission/group model to the role/privilege/user-extended role model under
Upgrading to Role-Based Security in the Migration document appropriate
to your operating system.