This uses special roles assigned to the users listed in Table 13-2.
Name |
Privilege |
Operating system login name |
|---|---|---|
Rajnish Smith |
sso_role |
rsmith |
Catherine Macar-Swan |
sa_role |
cmacar |
Soshi Ikedo |
sa_role |
sikedo |
Julio Rozanski |
oper_role |
jrozan |
Alan Johnson |
dbo |
ajohnson |
Table 13-3 shows the sequence of commands you might use to set up a secure operating environment for Adaptive Server, based on the role assignments shown in Table 13-2. After logging in to the operating system, issue these commands using the initial “sa” account.
Commands |
Result |
|---|---|
|
Logs in to Adaptive Server as “sa.” Both sa_role and sso_role are active. |
|
Sets auditing options for server-wide, security-relevant events, and the auditing of all actions that have sa_role or sso_role active. |
|
Enables auditing. |
|
|
|
Adds logins and passwords for Rajnish, Catherine, Soshi, and Julio. |
|
A default database is not specified for any of these users, so their default database is master. |
|
Grants the sso_role to Rajnish, the sa_role to Soshi and Catherine, and the oper_role to Julio. |
|
Grants access to the auditing database, sybsecurity, by making Rajnish, who is the system security officer, the database owner. Alan is not granted any system-defined roles. |
use master sp_addlogin ajohnson, j06n50n, @fullname = "Alan Johnson" create database sales_summary use sales_summary sp_changedbowner ajohnson sp_modifylogin ajohnson, 'defdb', sales_summary |
Creates a new database sales_summary and makes Alan the owner of this database. Because he is the database owner, Alan can now create users, create new database objects, and grant permissions to other users in this database. |
sp_locklogin sa,"lock" |
Locks the “sa” login so that no one can log in as “sa.” Individuals can assume only the roles that are configured for them. |
|
|
Before you enable
auditing, set up a threshold procedure for the audit trail and determine
how to handle the transaction log in sybsecurity.
See 