The DBA user is the default user created when a new SAP Sybase IQ database is created.
The password for the DBA user is initially set to "sql." To override the default user name or password during database creation, use the CREATE DATABASE statement with the DBA USER or DBA PASSWORD clause.
By default, the DBA user is automatically granted administrative rights on the SYS_AUTH_DBA_ROLE role, which in turn is granted the SYS_AUTH_SA_ROLE and SYS_AUTH_SSO_ROLE roles. It is the union of these roles which grants the DBA user all system and object-level privileges in the database, and allows DBA to carry out any activity in the database: create tables, change table structures, create new user IDs, revoke privileges from users, and so on.
To ensure database security and accountability, avoid using generic names like "dba" as the first user ID. Use a real user's login name with a strong password instead.
Under certain circumstances, the underlying roles of SYS_AUTH_DBA_ROLE role can be dropped, and the underlying system privileges of the SYS_AUTH_SA_ROLE and SYS_AUTH_SSO_ROLE roles revoked. However, the SAP Sybase IQ documentation assumes that the DBA user is the database administrator, and all underlying roles and system privileges remain as granted by default.
To guard against password loss by the active DBA user, create one or more extra DBA accounts (with a randomly generated user name and password) and lock up those credentials. If the active DBA password is lost, use one of the extra credentials to log in to that DBA account, and reset the original account password.
The DBA can add new users to the database. New users are then granted privileges to carry out authorized tasks on the database. Although DBA responsibilities may be handed over to other user IDs, the DBA is responsible for overall database management by virtue of the SYS_AUTH_DBA_ROLE role.
The DBA can then create database objects and assign ownership of these objects to other user IDs.