Disallow all access to the underlying tables, and grant privileges to
users or roles to execute certain stored procedures. This approach strictly defines how to
control database modifications.
To allow users with specific
privileges to administer certain tasks using SAP Sybase IQ system
procedures:
- Create a role for each set of authorized tasks to be performed and grant the
role the applicable system privileges.
- Grant each of these roles to a single common role.
- Grant EXECUTE privileges on the IQ procedure for performing the authorized
tasks to the applicable role.
- When a new user is created who is to be granted authorized tasks, grant the
role created for each authorized task to the user.