Compatibility Roles

Compatibility roles exist for backward compatibility with versions of SAP Sybase IQ earlier than 16.0. that support authority-based security.

You can grant, revoke, and under specific conditions, delete compatibility roles. You cannot modify any of the underlying system privileges. However, you can migrate compatibility roles to user-defined roles, and then modify the underlying system privileges. When you migrate a compatibility role, all grantees of the compatibility role are automatically granted the user-defined role.

Use the compatibility roles SYS_AUTH_SA_ROLE and SYS_AUTH_SSO_ROLE to administer and grant all individual system privileges in a new database. The union of the system privileges of these two roles is granted to the compatibility role SYS_AUTH_DBA_ROLE. By default, SYS_AUTH_DBA_ROLE is granted to the DBA user with administrative privileges. Thus, all system privileges are initially granted to the DBA user.

You can grant users to, and revoke users from, compatibility roles.

• Grant Compatibility Roles
  Granting a compatibility role is semantically equivalent to granting each of its underlying system privileges and roles.
• Revoking a Compatibility Role
  Revoke a compatibility role from a user or role.
• Migrating a Compatibility Role
  Migrate all underlying system privileges of a compatibility role to a user-defined role.
• Dropping a Compatibility Role
  All compatibility roles, with the exception of SYS_AUTH_SA_ROLE and SYS_AUTH_SSO_ROLE can be dropped. SYS_AUTH_SA_ROLE and SYS_AUTH_SSO_ROLE are automatically dropped when SYS_AUTH_DBA_ROLE is dropped.
• Re-creating a Compatibility Role
  Re-creates a dropped compatibility role.
• Implications of Migrating Compatibility Roles
  Some system roles are indirectly granted the system privileges necessary to execute privileged tasks through membership in compatibility roles.