System roles are roles that are permanent roles built into each new created database. They typically contain the set of privileges required for more complex operations. Here are a few points to remember about system roles.
You cannot drop system roles.
You cannot grant administrative rights (WITH ADMIN OPTION or WITH ADMIN ONLY OPTION) when granting system roles. Administrative rights on these system roles lies solely with MANAGE ROLES system privilege.
When a system role is granted to a user-extended role, grantees of the user-extended role inherit the system role as well.
With the exception of the SYS role, you can grant/revoke additional privileges and roles to/from a system role, provided you have administrative rights on the privileges and roles you are granting/revoking.
With the exception of the SYS, dbo, and rs_systabgroup role, system roles do not own objects.
|DBO||This role owns many system stored procedures and views, tables used for UltraLite and MobiLink, and is a grantee of the SYS role. Only users with the MANAGE ROLES system privilege can administer this role.|
|DIAGNOSTICS||This role grants SELECT, INSERT, UPDATE, DELETE, and ALTER privileges on diagnostic tables and views. Only users with the MANAGE ROLES system privilege can administer this role.|
|PUBLIC||This role has SELECT privilege on the system tables. As well, the PUBLIC role is a grantee of the SYS and DBO roles, and has read access for some of the system tables and views so users can find out information about the database schema.|
|rs_systabgroup||This role owns tables and system procedures that are required for Replication Server. Only users with the MANAGE ROLES system privilege can administer this role.|
|SA_DEBUG||This role is required for the SQL Anywhere Debugger. Only users with the MANAGE ROLES system privilege can administer this role.|
|SYS||This role owns the catalog, which contains the full description of the database schema, including all database objects and all user IDs. You cannot grant or revoke additional privileges to or from this role. Only users with the MANAGE ROLES system privilege can administer this role.|
This role is required for performing administration tasks related to replication such as granting replication roles, managing publications, subscriptions, synchronization users and profiles, managing message types, setting replication-related options, and so on. Only users with the MANAGE REPLICATION system privilege can administer this role. See Replication-related system roles.
This role is required for performing replication using the dbremote utility, and performing synchronization using the dbmlsync utility. Only users with the SYS_REPLICATION_ADMIN_ROLE system role can administer this role.
|SYS_SAMONITOR_ADMIN_ROLE||This role is required for the SQL Anywhere Monitor.|
|SYS_SPATIAL_ADMIN_ROLE||This role allows users to create, alter, or drop spatial reference systems and spatial units of measure. Only users with the MANAGE ROLES system privilege can administer this role.|
Discuter à propos de cette page dans DocCommentXchange.
|Copyright © 2013, SAP AG ou société affiliée SAP - SAP Sybase SQL Anywhere 16.0|