A user-extended role role is a type of user-defined role. It is a user ID that has been extended to act as a role that can be granted to others. User-extended roles are the equivalent of groups in pre-16.0 releases of SQL Anywhere.
When you grant a user-extended role to a user or another role, the grantee inherits all the system and object-level privileges that the user-extended role has, including any administration rights.
Because ownership of database objects is associated with a single user ID, when the owner is a user-extended role, ownership of the database object is not inherited by its grantees. Only granted privileges are inherited.
User-extended roles are convenient when you have a user with a set of system privileges that you want to grant to another user. The user who has become a user-extended role can administer the new role (grant and revoke it to others) unless this privilege is explicitly removed.
When you create a user-extended role, the MANAGE ROLES system privilege is automatically granted the role with administrative rights only.
You can revoke the extension of a role, and control what privileges are revoked from the grantees.
A user can still log in using their user ID even when they are a user-extended role.
To convert a user to a user-extended role, use the CREATE ROLE statement. To convert a user-extended role back to a user, use the DROP ROLE statement.
Converting a user to a user-extended role (Sybase Central)
Converting a user to a user-extended role (SQL)
Converting a user-extended role back to a user (Sybase Central)
Converting a user-extended role back to a user (SQL)
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|