When a database is created, a single usable user ID is created. This first user ID is DBA and the password is initially set to sql. The DBA user ID is automatically given DBA permissions, also called DBA authority, within the database. This level of permission enables the DBA user ID to carry out any activity in the database: create tables, change table structures, create new user IDs, revoke permissions from users, and so on.
To ensure database security, the DBA needs to change
the password from the default of sql
to
a new value.
A user with DBA authority is referred to as the database administrator or database owner. In this chapter, frequent reference is made to the database administrator, or the DBA. This is shorthand for any user or users with DBA authority.
Although DBA authority may be granted or transferred to other user IDs, in this chapter it is assumed that the DBA user ID is the database administrator, and the abbreviation DBA is used interchangeably to mean both the DBA user ID and any user ID with DBA authority.
WARNING! Never drop the DBA user for a multiplex database. Doing so makes the database invalid.
The following example shows how to give non-DBA users the ability to execute commands that require DBA privileges. This example creates a policy that lets a non-DBA user (user1) perform backup.
CREATE PROCEDURE "DBA".do_backup() BEGIN BACKUP DATABASE CRC ON ATTENDED OFF BLOCK FACTOR 4 FULL TO 'fileA' SIZE 2000 TO 'fileB' SIZE 2000 TO 'fileC' SIZE 2000; END; GRANT EXECUTE ON "DBA".do_backup TO user1;
The DBA has the authority to add new users to the database. As users are added, they are also granted permissions to carry out tasks on the database. Some users may need to simply look at the database information using SQL queries, others may need to add information to the database, and others may need to modify the structure of the database itself. Although some of the responsibilities of the DBA may be handed over to other user IDs, the DBA is responsible for the overall management of the database by virtue of the DBA authority.
The DBA has authority to create database objects and assign ownership of these objects to other user IDs.
See the syntax of the commands for creating database objects, Chapter 2, “SQL Language Elements,” in Reference: Building Blocks, Tables, and Procedures.
User IDs and passwords are actually objects in the database. For details about password case sensitivity, see “User IDs and passwords” in Appendix A, “Compatibility with Other Sybase Databases,” in Reference: Building Blocks, Tables, and Procedures.