Proper management of user IDs and permissions allows you to work effectively while maintaining the security and privacy of appropriate information within the database.
Use SQL statements to assign user IDs to new users of a database, to grant and revoke permissions and authorities for database users, and to display the current permissions of users. You can also use Sybase Control Center to assign user IDs and to grant and revoke authorities; for instructions, see the Sybase Control Center for Sybase IQ online help in SCC or at http://sybooks.sybase.com/nav/summary.do?prod=10680.
A permission grants the ability to create, modify, query, use, or delete database objects such as tables, views, users, and so on. An authority grants the ability to perform a task at the database level, such as backing up the database.
Database permissions are assigned to user IDs. Throughout this chapter, the term user serves as a synonym for user ID. Remember, however, that permissions are granted and revoked for each user ID.
Even if there are no security concerns regarding a multiuser database, there are good reasons for setting up an individual user ID for each user. The administrative overhead for individual user IDs is very low if a group with the appropriate permissions is set up. Groups of users are discussed later in this chapter.
The network server screen and the listing of connections in Sybase Central are both much more useful with individual user IDs, as you can tell which connections are which users.
The backup log identifies the user ID that created the backup.
The message log displays the user ID for each database connection.
While all permissions are inheritable (from the groups to which the user belongs), only some authorities are inheritable.
Except for DBA, which has full administrative privileges, each authority has permissions to perform certain types of tasks.