Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » User security (roles and privileges) » Upgrading to role-based security


Groups are now achieved using roles

During the upgrade of a pre-16.0 database, each group is converted to a role (either a user-extended role, or a standalone role) of the same name. Members of the original group are automatically granted the new role and all of its underlying privileges. Authorities and object-level permissions that were granted to the original group are converted to their equivalent roles and system privileges and granted to the user-extended role.

If an authority was inheritable, the compatibility role will be inherited by grantees of the new user-extended role. If the authority was non-inheritable, the grantees of the user-extended role do not inherit the compatibility role.

The SQL syntax for creating and administering groups has changed, although the previous GRANT and REVOKE syntax is still supported. To see the deprecated syntax mapped to the new syntax, see Changes to the REVOKE statement syntax and Changes to the GRANT statement syntax.

The following table shows the system users and groups and the roles they are converted to.

Pre-16.0 group Role Description
dbo dbo This role owns many system stored procedures, views, and tables used for UltraLite and MobiLink.
DIAGNOSTICS DIAGNOSTICS This role owns the diagnostic tables and views, and can perform operations on them.
PUBLIC PUBLIC This role has SELECT permission on the system tables. Any new user ID is automatically granted the PUBLIC role.

This role allows users to use the SQL Anywhere Debugger.


This role owns the system tables and views (catalog) for the database, and can perform operations on them.


This role allows users to create, alter, or drop spatial objects.

 See also