System Security Officers perform security-sensitive tasks in Adaptive Server, including:
Granting the System Security Officer and Operator roles
Administering the audit system
Changing passwords
Adding new logins
Locking and unlocking login accounts
Creating and granting user-defined roles
Administering network-based security
Granting permission to use the set proxy or set session authorization commands
The System Security Officer can access any database—to enable auditing —but, in general, has no special permissions on database objects. An exception is the sybsecurity database, where only a System Security Officer can access the sysaudits table. There are also several system procedures that can be executed only by a System Security Officer.
System Security Officers can repair any damage inadvertently done to the protection system by a user. For example, if the Database Owner forgets his or her password, a System Security Officer can change the password to allow the Database Owner to log in.
System Security Officers can also create and grant user-defined roles to users, other roles, or groups. For information about creating and granting user-defined roles, see “Creating and assigning roles to users”.
