Compatibility roles are like starter roles containing logical groups of privileges. They are also present for backward compatibility with earlier versions of SQL Anywhere that support authority-based security.
You can still grant and revoke authorities using the deprecated GRANT and REVOKE syntax. However, the database server converts each such grant or revoke into its compatibility role equivalent. Additionally, for the pre-16.0 authorities that were not inheritable (DBA, REMOTE DBA, BACKUP, RESOURCE and VALIDATE), the compatibility role equivalent is inheritable by default.
You cannot modify the underlying system privileges of compatibility roles. However, you can migrate them to user-defined roles, and then modify the privileges. When you migrate a compatibility role, all grantees of the compatibility role are automatically granted the user-defined role instead. Migrating a compatibility role to a user-defined role automatically drops the compatibility role. However, you can restore a compatibility role at any time.
The following table describes all compatibility roles, including the pre-16.0 authority equivalent for each role.
Compatibility role | Description | Pre-16.0 authority |
---|---|---|
SYS_AUTH_DBA_ROLE | This role encompasses all grantable privileges in the software by virtue of being granted the SYS_AUTH_DBA_ROLE and SYS_AUTH_SA_ROLE compatibility roles. | DBA |
SYS_AUTH_SA_ROLE | This role encompasses all database administration privileges that are found in the SYS_AUTH_DBA_ROLE system role, and is linked with that role. This role, plus the SYS_AUTH_SSO_ROLE, make up all of the privileges in the SYS_AUTH_DBA_ROLE system role. This role can be migrated, dropped, and restored, but only as part of performing those operations on SYS_AUTH_DBA_ROLE. | - |
SYS_AUTH_SSO_ROLE | This role encompasses all security and access related privileges that are found in the SYS_AUTH_DBA_ROLE system role. This role, plus the SYS_AUTH_SA_ROLE, make up all of the privileges in the SYS_AUTH_DBA_ROLE system role. This role can be migrated, dropped, and restored, but only as part of performing those operations on SYS_AUTH_DBA_ROLE. | - |
SYS_AUTH_BACKUP_ROLE | This role allows a user to back up databases and transaction logs with archive or image backups by using the BACKUP statement or dbbackup utility. | BACKUP |
SYS_AUTH_PROFILE_ROLE | This role allows a user to perform profiling, tracing, and diagnostic operations. | PROFILE |
SYS_AUTH_READCLIENTFILE_ROLE | This role allows a user to read files on the client computer, for example when loading data from a file on a client computer. | READCLIENTFILE |
SYS_AUTH_READFILE_ROLE | This role allows a user to use the OPENSTRING clause in a SELECT statement to read a file. | READFILE |
SYS_AUTH_RESOURCE_ROLE | This role allows a user to create database objects, such as tables, views, stored procedures, and triggers. | RESOURCE |
SYS_AUTH_VALIDATE_ROLE | This role allows a user to perform database, table, index, and checksum validation by using the VALIDATE statement or dbvalid utility. | VALIDATE |
SYS_AUTH_WRITEFILE_ROLE | This role allows a user to execute the xp_write_file system procedure. | WRITEFILE |
SYS_AUTH_WRITECLIENTFILE_ROLE | This role allows a user to write to files on a client computer, for example when using the UNLOAD TABLE statement to write data to a client computer. | WRITECLIENTFILE |
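
The following added example is not part of the SQL Anywhere documentation. It audits a legacy provisioning script before it is run against a 16.0 server: each deprecated GRANT is mapped to its compatibility role from the table above, and every group member who would now inherit a role whose authority was not inheritable before 16.0 is reported. The GRANT lines and group memberships are constructed sample data, and `audit` and `members_of` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Pre-16.0 authority -> compatibility role, taken from the table on this page.
COMPAT_ROLE = {a: f"SYS_AUTH_{a}_ROLE" for a in (
    "DBA", "BACKUP", "PROFILE", "READCLIENTFILE", "READFILE",
    "RESOURCE", "VALIDATE", "WRITEFILE", "WRITECLIENTFILE")}
# Authorities the page lists as NOT inheritable before 16.0.
WAS_NOT_INHERITABLE = {"DBA", "REMOTE DBA", "BACKUP", "RESOURCE", "VALIDATE"}
GRANT_RE = re.compile(r"^\s*GRANT\s+(.+?)\s+TO\s+(.+?)\s*;?\s*$", re.I)

# Constructed sample input: legacy script lines and group -> members.
SAMPLE_GRANTS = [
    "GRANT BACKUP TO ops_group;",
    "GRANT DBA, PROFILE TO admins",
    "GRANT REMOTE DBA TO sync_user",   # no row for this authority in the table
    "GRANT READFILE TO etl_group",     # was already inheritable before 16.0
]
SAMPLE_MEMBERSHIP = {"ops_group": ["alice", "night_shift"],
                     "night_shift": ["bob"], "admins": ["carol"],
                     "etl_group": ["dave"]}

def members_of(group, membership, seen=None):
    """All direct and indirect members of a group (cycle-safe)."""
    seen = set() if seen is None else seen
    for member in membership.get(group, ()):
        if member not in seen:
            seen.add(member)
            members_of(member, membership, seen)
    return seen

def audit(statements, membership):
    """Return (converted grants, members who newly inherit, unmapped lines)."""
    converted, exposure, unmapped = [], defaultdict(set), []
    for stmt in statements:
        m = GRANT_RE.match(stmt)
        auths = [" ".join(a.split()).upper() for a in m.group(1).split(",")] if m else []
        if not auths or any(a not in COMPAT_ROLE for a in auths):
            unmapped.append(stmt)  # left for manual review rather than guessed at
            continue
        for grantee in (g.strip() for g in m.group(2).split(",")):
            for auth in auths:
                converted.append((grantee, COMPAT_ROLE[auth]))
                if auth in WAS_NOT_INHERITABLE:
                    for member in members_of(grantee, membership):
                        exposure[member].add(COMPAT_ROLE[auth])
    return converted, dict(exposure), unmapped
```

On the sample data, `audit(SAMPLE_GRANTS, SAMPLE_MEMBERSHIP)` reports alice, night_shift and bob as inheriting SYS_AUTH_BACKUP_ROLE and carol as inheriting SYS_AUTH_DBA_ROLE, while the REMOTE DBA line is returned as unmapped.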
Migrating a compatibility role to a user-defined role (Sybase Central)
Migrating a compatibility role to a user-defined role (SQL)
Granting a compatibility role (Sybase Central)
Granting a compatibility role (SQL)
Restoring a compatibility role (Sybase Central)
Restoring a compatibility role (SQL)
Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0