Super-User

Super-users are users that can exercise any system privilege and administer any role; they can perform any privileged operation in the system. Role-based security does not require a super-user to maintain the database, and the DBA user may not be a super-user.

By default, the DBA user can exercise any system privilege, but since it may not be able to administer all user-defined roles, it is not considered a true super-user. SAP Sybase IQ does not automatically create a super-user for a new or migrated database.

To create a super-user, create a user and grant it the SYS_AUTH_DBA_ROLE compatibility role.

Note: If you migrated SYS_AUTH_DBA_ROLE, you must manually grant all of the underlying default system privileges of SYS_AUTH_DBA_ROLE, with administration rights, to create the super-user.

Once the super-user is created, going forward, to maintain the super-user status, all new user-extended and user-defined roles must be granted to the super-user, with administrative rights.

To allow the DBA user to act as a super-user, all new user-extended and user-defined roles must be granted to the DBA user, with administrative rights.

Administrative rights can be granted in the form of a role administrator or a global role administrator.