Managing user permissions and authorities

This section describes how to create new users and grant permissions and authorities to them. For most databases, the bulk of permission management should be performed using groups, rather than by assigning permissions to individual users one at a time. However, as a group is simply a user ID with special properties, you should read and understand this section before moving on to the discussion of managing groups.

Setting up individual user IDs

Even if there are no security concerns regarding a multi-user database, there are good reasons for setting up an individual user ID for each user. In addition to granting permissions to individual users, you can also grant permissions to groups of users. The administrative overhead is very low if a group with the appropriate permissions is set up.

You may want to use individual user IDs since:

  • The Log Translation utility (dblog) can selectively extract the changes made by individual users from a transaction log. This is very useful when troubleshooting or piecing together what happened if data is incorrect.
  • Sybase Central displays much more useful information so you can tell which connections belong to which users.
  • Row locking messages (with the blocking option set to Off) are more informative.

Creating new users
Setting a password
Changing a password
Setting user and group options
Granting authorities
Granting permissions on tables
Granting permissions on views
Granting users the right to grant permissions
Granting permissions on procedures
Execution permissions of triggers
Granting and revoking remote permissions
Revoking user permissions and authorities
Deleting users from the database

Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0