Many SAP ASE commands and procedures require the system administrator or system security officer role. Other system administration information is relevant to database owners.
Managing disk storage
Monitoring the automatic recovery procedure
Fine-tuning by changing configurable system parameters
Diagnosing and reporting system problems
Backing up and loading databases
Modifying and dropping server login accounts
Granting and revoking the system administrator role
Granting permissions
Creating user databases and granting ownership of them
Setting up groups, which can be used for granting and revoking permissions
Creating server login accounts, which includes assigning initial passwords
Changing the password of any account
Granting and revoking the system security officer and operator roles
Creating, granting, and revoking user-defined roles
Granting the capability to impersonate another user throughout the server
Setting the password expiration interval
Setting up network-based security services
Managing the audit system
Operator – backs up and loads databases on a server-wide basis. The operator role allows a single user to use the dump database, dump transaction, load database, and load transaction commands to back up and restore all databases on a server without having to be the owner of each one. These operations can be performed for an individual database by the database owner or by a system administrator. However, an operator can perform them for any database.
These roles provide individual accountability for users who are performing operational and administrative tasks. Their actions can be audited and attributed to them. A system administrator operates outside the discretionary access control (DAC) protection system; that is, when a system administrator accesses objects, SAP ASE does not check the DAC permissions.