System security officer privileges

System security officers perform security-sensitive tasks in Adaptive Server, including:

The system security officer can access any database (to enable auditing) but, in general, has no special permissions on database objects, except for encryption keys and decrypt permission on encrypted columns (see the Users Guide for Encrypted Columns). An exception is the sybsecurity database, where only a system security officer can access the sysaudits table. There are also several system procedures that can be executed only by a system security officer.

System security officers can repair any changes inadvertently made to the protection system by a user. For example, if the database owner forgets his or her password, a system security officer can change the password to allow the database owner to log in.

System security officers share login management responsibilities with system administrators. System security officers are responsible for adding, locking, and unlocking logins.

System security officers can also create and grant user-defined roles to users, other roles, or groups. See “Creating and assigning roles to users”.
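
The login-management and role tasks described above, as an added Transact-SQL example that is not part of the original documentation. All login names, role names and passwords are constructed placeholders, and the session is assumed to belong to a login that holds sso_role on a release where sp_addlogin is available.

```sql
-- Added example: constructed names and passwords throughout.
-- Assumption: the current session holds sso_role.

-- Add a login.
exec sp_addlogin app_reader, "Initial#Passw0rd"
go

-- Lock the login (for example while the account is under review),
-- then unlock it again.
exec sp_locklogin app_reader, "lock"
go
exec sp_locklogin app_reader, "unlock"
go

-- Reset a forgotten password for another login (here a database owner).
-- The first argument is the caller's own current password (the system
-- security officer's), not the old password of the target login.
exec sp_password "SsoCurrent#Passw0rd", "Temp#Passw0rd1", sales_dbo
go

-- Create user-defined roles, then grant one to a login and to another role.
create role report_reader_role
go
create role analyst_role
go
grant role report_reader_role to app_reader
go
grant role report_reader_role to analyst_role
go

-- Review the outcome: lock status and configured roles for the login,
-- then the roles granted to it.
exec sp_displaylogin app_reader
go
exec sp_displayroles app_reader
go
```

Because sp_password takes the caller's password first, a reset performed by a system security officer never requires knowledge of the target login's old password.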