Managing Individual User IDs and Permissions

Before you manage groups, you should understand user permissions. You can grant permissions to users and create new users using Interactive SQL and Sybase Central.

For most databases, the bulk of permission management should be carried out using groups, rather than by assigning permissions to individual users one at a time. However, because groups are simply a user ID with special properties attached, you should read and understand this section before moving on to the discussion of managing groups.

Using IQ Stored Procedures to Manage Users

You can also create new users using IQ system procedures. You must use those procedures to add users and modify their passwords and other login capabilities, in order to manage those users with the Sybase IQ Login Management facility.

To add and modify users with Sybase IQ Login Management, use the system procedures for user account and connection management.

To grant users permissions on database objects, you must still use the commands and procedures described in the rest of this section.

Using ASE Stored Procedures to Manage Users

This chapter explains how to manage users and groups using Interactive SQL and Sybase Central. You can perform many of the same tasks using Adaptive Server Enterprise-compatible stored procedures. If you have previously used Adaptive Server Enterprise or pre-Version 12.0 Sybase IQ, you may prefer to use these stored procedures. See Reference: Building Blocks, Tables, and Procedures. The ASE stored procedures do not let you use the Sybase IQ Login Management facilities for limiting connections.

Creating a User with Interactive SQL
The DBA or user with USER ADMIN authority can create new users using the CREATE USER statement.
Creating a User in Sybase Central
Follow these steps to create users.
Creating a User in Sybase Control Center
For instructions on creating a Sybase IQ user in Sybase Control Center, see the Sybase Control Center for Sybase IQ online help in SCC or at http://sybooks.sybase.com/nav/summary.do?prod=10680.
Changing a Password
If you have DBA or PERMS ADMIN authority, you can change the password of any existing user.
Granting DBA Authority to a User
DBA authority can grant any authority. Only the DBA can grant DBA authority to database users.
Granting OPERATOR Authority to a User
Most authorities are granted in the same manner. DBA authority can grant any authority. PERMS ADMIN authority can grant any authority except DBA and REMOTE DBA.
Granting PERMS ADMIN Authority to a User
PERMS ADMIN authority can grant any authority except DBA and REMOTE DBA.
Granting RESOURCE Authority to a User
RESOURCE authority allows the user to create new database objects, such as tables, views, indexes, or procedures.
Granting SPACE ADMIN Authority
Most authorities are granted in the same manner. DBA authority can grant any authority. PERMS ADMIN authority can grant any authority except DBA and REMOTE DBA.
Granting USER ADMIN Authority to a User
USER ADMIN authority lets you manage external logins, login policies, and other users.
Permissions on Tables and Views
You can assign a set of permissions on individual tables and views. Users can be granted combinations of these permissions to define their access to a table or view.
Granting the Right to Grant Permissions
To assign table and view permissions, use the GRANT statement clause WITH GRANT OPTION.
Granting Permissions on Procedures in Interactive SQL
There is only one permission that may be granted on a procedure – the EXECUTE permission to execute (or CALL) the procedure.
Revoking User Permissions in Interactive SQL
Any user's permissions are a combination of those that have been granted and those that have been revoked. By revoking and granting permissions, you can manage the pattern of user permissions on a database.

Parent topic: Managing User IDs and Permissions

Related concepts

User Account and Connection Management

Group Management