Many of the commands and procedures discussed in this manual require the system administrator or system security officer role. Other sections in this manual are relevant to database owners.
Various security-related, administrative, and operational tasks are grouped into the following user roles:
system administrator – by default, the system administrator (sa) is assigned these roles:
sa_role
sso_role
oper_role
sybase_ts_role
The system administrator’s tasks include:
Managing disk storage
Monitoring the Adaptive Server automatic recovery procedure
Fine-tuning Adaptive Server by changing configurable system parameters
Diagnosing and reporting system problems
Backing up and loading databases
Modifying and dropping server login accounts
Granting and revoking the system administrator role
Granting permissions to Adaptive Server users
Creating user databases and granting ownership of them
Setting up groups, which can be used for granting and revoking permissions
System security officer – performs security-related tasks, such as:
Creating server login accounts, which includes assigning initial passwords
Changing the password of any account
Granting and revoking the system security officer and operator roles
Creating, granting, and revoking user-defined roles
Granting the capability to impersonate another user throughout the server
Setting the password expiration interval
Setting up Adaptive Server to use network-based security services
Managing the audit system
Operator – backs up and loads databases on a server-wide basis. The operator role allows a single user to use the dump database, dump transaction, load database, and load transaction commands to back up and restore all databases on a server without having to be the owner of each one. These operations can be performed for an individual database by the database owner or by a system administrator. However, an operator can perform them for any database.
These roles provide individual accountability for users performing operational and administrative tasks. Their actions can be audited and attributed to them. A system administrator operates outside the discretionary access control (DAC) protection system; that is, when a system administrator accesses objects, Adaptive Server does not check the DAC permissions.
In addition, two kinds of object owners have special status because of the objects they own. These ownership types are:
Database owner
Database object owner
