SQL Anywhere provides a role-based access control model for the execution of privileged operations. A role-based security model provides complete control and granularity for the privileges you want to grant to users. Each privileged operation a user can perform in the database requires one or more system privilege or object-level privilege.
A system privilege is a right to perform an authorized database task. For example, the CREATE TABLE system privilege allows a user to create self-owned tables.
An object-level privilege is a right to perform an authorized task on a specified object. For example, having ALTER privileges on TableA allows a user to alter that table, but not other tables.
A role is a collection of one or more system privileges, object-level privileges, or roles. You can grant roles to other roles to create a role hierarchy. Granting a role to a user is equivalent to granting the user the underlying system privileges for the role.
Each new or migrated SQL Anywhere database includes a predefined set of roles you can use to get started. These system roles act as a starting point for implementing role-based security.
If you are a pre-16.0 SQL Anywhere customer, it is recommended that you review these sections on how the security model has changed from the authority/permission/group model to the role/privilege/user-extended role model: Upgrading to role-based security.
Inheritance of roles and privileges
Plan and implement a role-based security hierarchy
Ownership of nested objects
Tutorial: Granting roles and privileges (Sybase Central)
Tutorial: Granting roles and privileges (SQL)
Upgrading to role-based security
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|