Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » User security (roles and privileges) » Privileges

 

System privileges

This table lists the system privileges in SQL Anywhere, grouped by the type of object or operation that they pertain to. You can view the roles and privileges a user has from Sybase Central by clicking them and viewing the details that are displayed. You can also retrieve the details by using the sp_displayroles system procedure. See Viewing the roles and privileges for a user or role (Sybase Central) and Viewing the roles and privileges for a user or role (SQL).

Note

By default, all system privileges are inherited by a user who has the SYS_RUN_REPLICATION_ROLE system role. This is because the SYS_AUTH_DBA_ROLE system role has been granted to SYS_RUN_REPLICATION_ROLE. You can revoke the SYS_AUTH_DBA_ROLE system role from SYS_RUN_REPLICATION_ROLE to prevent this, and then grant only the privileges your replication requires to the SYS_RUN_REPLICATION_ROLE system role. However, a user granted the SYS_RUN_REPLICATION_ROLE system role can only exercise the privileges of this role on remote connections. See Security considerations with role-based access control and synchronization.

System privilege according to object or functionality Description Users/roles can inherit from:
Databases
ALTER DATABASE

Allows a user to:

  • Upgrade a database.

  • Perform cost model calibration.

  • Load database statistics.

  • Alter transaction logs (also requires the SERVER OPERATOR system privilege).
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
BACKUP DATABASE Allows a user to back up a database.
  • DIAGNOSTICS
  • SYS_AUTH_BACKUP_ROLE
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_PROFILE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
CHECKPOINT Allows a user to force the database server to execute a checkpoint.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
DROP CONNECTION Allows a user to drop any connections to the database.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
MANAGE PROFILING Allows a user to manage database server tracing for application profiling.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_PROFILE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
MONITOR Allows a user to monitor a database, including accessing privileged statistics, connected users, and locks.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
Database options
SET ANY PUBLIC OPTION Allows a user to set PUBLIC database options that do not require the SET ANY SECURITY OPTION or the SET ANY SYSTEM OPTION system privileges.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
SET ANY SECURITY OPTION Allows a user to set any PUBLIC security database options.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
SET ANY SYSTEM OPTION Allows a user to set PUBLIC system database options.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
SET ANY USER DEFINED OPTION Allows a user to set user-defined database options.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
Data types
ALTER DATATYPE Allows a user to alter data types.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE DATATYPE Allows a user to create data types.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP DATATYPE Allows a user to drop data types.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Dbspaces
MANAGE ANY DBSPACE

Allows a user to:

  • Create, alter, drop, and comment on dbspaces.

  • Grant and revoke CREATE privileges on dbspaces.

  • Move data to any dbspace.

  • Run the database delete file function.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
Debugging
DEBUG ANY PROCEDURE Allows a user to debug procedures, functions, triggers, and events.
  • SA_DEBUG
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Events
MANAGE ANY EVENT Allows a user to create, alter, drop, trigger, and comment on events.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
External environments
CREATE EXTERNAL REFERENCE

Allows a user to create external references in the database.

You must have the system privileges required to create specific database objects before you can create external references.

For example, creating a self-owned text configuration object that uses an external term breaker and/or prefilter requires both the CREATE TEXT CONFIGURATION and CREATE EXTERNAL REFERENCE system privileges.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
MANAGE ANY EXTERNAL ENVIRONMENT

Allows a user to alter, comment on, start, and stop external environments.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
MANAGE ANY EXTERNAL OBJECT Allows a user to install, comment on, and remove external environment objects.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Files
READ CLIENT FILE Allows a user to read files on the client computer.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_READCLIENTFILE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
READ FILE Allows a user to read files on the database server computer.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_READFILE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
WRITE CLIENT FILE Allows a user to write files on the client computer.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_AUTH_WRITECLIENTFILE_ROLE
  • SYS_RUN_REPLICATION_ROLE
WRITE FILE Allows a user to write files on the database server computer.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_AUTH_WRITEFILE_ROLE
  • SYS_RUN_REPLICATION_ROLE
Indexes
ALTER ANY INDEX Allows a user to alter and comment on indexes and text indexes on tables and views owned by any user.
  • DIAGNOSTICS
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_PROFILE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY INDEX Allows a user to create and comment on indexes and text indexes on tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY INDEX Allows a user to drop indexes and text indexes on tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
LDAP
MANAGE ANY LDAP SERVER Allows a user to create, alter, drop, validate, and comment on LDAP servers.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
Materialized views
ALTER ANY MATERIALIZED VIEW Allows a user to alter and comment on materialized views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY MATERIALIZED VIEW Allows a user to create and comment on materialized views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE MATERIALIZED VIEW Allows a user to create and comment on self-owned materialized views.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY MATERIALIZED VIEW Allows a user to drop materialized views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Messages
CREATE MESSAGE Allows a user to create messages.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP MESSAGE Allows a user to drop messages.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Miscellaneous
ALTER ANY OBJECT

Allows a user to alter and comment on the following types of objects owned by any user:

  • Data types

  • Events

  • Functions

  • Indexes

  • Materialized views

  • Messages

  • Procedures

  • Sequence generators

  • Spatial reference systems

  • Spatial units of measure

  • Statistics

  • Tables

  • Text configuration objects

  • Text indexes

  • Triggers

  • Views

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
ALTER ANY OBJECT OWNER Allows a user to alter the owner of any type of object.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
COMMENT ANY OBJECT Allows a user to comment on any type of object that can be created using the CREATE ANY OBJECT system privilege.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY OBJECT

Allows a user to create and comment on the following types of objects owned by any user:

  • Data types

  • Events

  • Functions

  • Indexes

  • Materialized views

  • Messages

  • Procedures

  • Sequence generators

  • Spatial reference systems

  • Spatial units of measure

  • Statistics

  • Tables

  • Text configuration objects

  • Text indexes

  • Triggers

  • Views

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY OBJECT

Allows a user to drop the following types of objects owned by any user:

  • Data types

  • Events

  • Functions

  • Indexes

  • Materialized views

  • Messages

  • Procedures

  • Sequence generators

  • Spatial reference systems

  • Spatial units of measure

  • Statistics

  • Tables

  • Text configuration objects

  • Text indexes

  • Triggers

  • Views

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
MANAGE ANY OBJECT PRIVILEGE

Allows a user to:

  • Grant and revoke SELECT, INSERT, DELETE, UPDATE, ALTER, REFERENCES, LOAD, and TRUNCATE privileges on tables owned by any user.

  • Grant and revoke SELECT, INSERT, DELETE, and UPDATE privileges on views owned by any user.

  • Grant and revoke EXECUTE privileges on procedures and functions owned by any user.

  • Grant and revoke USAGE privileges on sequence generators owned by any user.

  • Grant and revoke CREATE privileges on dbspaces.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
MANAGE CERTIFICATES Allows a user to create, alter, drop, and comment on certificates.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
REORGANIZE ANY OBJECT Allows a user to reorganize tables and materialized views.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
VALIDATE ANY OBJECT Allows a user to validate tables, materialized views, indexes, and text indexes.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_AUTH_VALIDATE_ROLE
  • SYS_RUN_REPLICATION_ROLE
Mirror servers
MANAGE ANY MIRROR SERVER

Allows a user to:

  • Create, alter, drop, and comment on mirror servers.

  • Change mirror server parameters.

  • Set mirror server options.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Procedures
ALTER ANY PROCEDURE Allows a user to alter and comment on procedures and functions owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
CREATE ANY PROCEDURE Allows a user to create and comment on procedures and functions owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
CREATE PROCEDURE Allows a user to create self-owned procedures and functions.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY PROCEDURE Allows a user to drop procedures and functions owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
EXECUTE ANY PROCEDURE Allows a user to execute procedures and functions owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Auditing
MANAGE AUDITING Allows a user to run the sa_audit_string system procedure.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
Email
SEND EMAIL

Allows a user to run the following mail-related system procedures:

  • xp_get_mail_error_code
  • xp_get_mail_error_text
  • xp_startmail
  • xp_stopmail
  • xp_startsmtp
  • xp_stopsmtp
  • xp_sendmail
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Replication
MANAGE REPLICATION

Allows a user to:

  • Create, alter, drop, and comment on publications.

  • Create, alter, and drop MobiLink users.

  • Create, alter, drop, start, stop, and synchronize SQL Remote and synchronization subscriptions.

  • Create, alter, drop, and comment on synchronization profiles.

  • Create, alter, drop, and comment on SQL Remote message types.

  • Set remote options.

  • Start and stop schema synchronization.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
Roles
MANAGE ROLES

Allows a user to create new roles and act as a global administrator for new and existing roles. By default, MANAGE ROLES is granted administrative rights on each newly created role.

Administration of a role can also be granted directly to users either during or after the creation of the role. When granted directly to a user, the user does not require the MANAGE ROLES system privilege to administer the role.

See Role administrators.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
UPGRADE ROLE

Allows a user to be a default administrator of any system privilege that is introduced when upgrading a SQL Anywhere database from version 16.0.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Sequences
ALTER ANY SEQUENCE Allows a user to alter sequence generators owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY SEQUENCE Allows a user to create sequence generators, regardless of owner.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY SEQUENCE Allows a user to drop sequence generators owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
USE ANY SEQUENCE Allows a user to use sequence generators owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Server operators
SERVER OPERATOR

Allows a user to:

  • Create, restore, drop, start, and stop databases, change ownership of a database, and restore the catalog (only).

  • Create, alter, and drop remote servers and directory access servers.

  • Manage a server cache.

  • Start and stop database servers.

  • Create encrypted and decrypted databases and files.

  • Change a database transaction log.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
Spatial objects
MANAGE ANY SPATIAL OBJECT

Allows a user to create, alter, drop, and comment on spatial reference systems and spatial unit of measures.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SPATIAL_ADMIN_ROLE
Statistics
MANAGE ANY STATISTICS Allows a user to create, alter, drop, and update database statistics for any table.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Tables
ALTER ANY TABLE

Allows a user to:

  • Alter and comment on tables (including proxy tables) owned by any user.

  • Comment on columns in tables (including proxy tables) owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY TABLE

Allows a user to:

  • Create and comment on tables (including proxy tables) owned by any user.

  • Comment on columns in tables (including proxy tables) owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
CREATE PROXY TABLE

Allows a user to create self-owned proxy tables.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE TABLE

Allows a user to create self-owned tables.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DELETE ANY TABLE Allows a user to delete rows in tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY TABLE Allows a user to drop tables (including proxy tables) owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
INSERT ANY TABLE Allows a user to insert rows into tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
LOAD ANY TABLE Allows a user to load data into tables owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
SELECT ANY TABLE Allows a user to query tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
TRUNCATE ANY TABLE Allows a user to truncate data for tables and materialized views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
UPDATE ANY TABLE Allows a user to update rows in tables and views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Text configuration objects
ALTER ANY TEXT CONFIGURATION Allows a user to alter and comment on text configuration objects owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY TEXT CONFIGURATION Allows a user to create and comment on text configuration objects owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE TEXT CONFIGURATION Allows a user to create self-owned text configuration objects.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY TEXT CONFIGURATION Allows a user to drop text configuration objects owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Tracing
MANAGE ANY TRACE SESSION Allows a user to perform all event tracing-related operations, with the exception of triggering a user trace event.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
NOTIFY TRACE EVENT Allows a user to trigger a user trace event.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Triggers
ALTER ANY TRIGGER Allows a user to alter and comment on triggers on tables and views.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY TRIGGER Allows a user to create and comment on triggers on tables and views.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Users and login management
CHANGE PASSWORD

Allows a user to manage user passwords for any user.

This system privilege can apply to all users, or it can be limited to a set of specified users, or users who are granted one or more specified roles.

This system privilege is not required to change a user's own password.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
MANAGE ANY LOGIN POLICY Allows a user to create, alter, drop, and comment on login policies.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
MANAGE ANY USER

Allows a user to:

  • Create, alter, drop, and comment on database users (including assigning an initial password).

  • Force a password change on next login for any user.

  • Assign and reset the login policy for any user.

  • Create, drop, and comment on integrated logins and Kerberos logins.

  • Create and drop external logins.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_SAMONITOR_ADMIN_ROLE
SET USER

Allows a user to temporarily assume the roles and privileges of another user.

This system privilege can apply to all users, or can be limited to a set of specified users, or users who are granted one or more specified roles.

  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_AUTH_SSO_ROLE
  • SYS_RUN_REPLICATION_ROLE
Views
ALTER ANY VIEW Allows a user to alter and comment on views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE ANY VIEW Allows a user to create and comment on views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
CREATE VIEW Allows a user to create self-owned views.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_RESOURCE_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
DROP ANY VIEW Allows a user to drop views owned by any user.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
Web services
MANAGE ANY WEB SERVICE Allows a user to create, alter, drop, and comment on web services.
  • SYS_AUTH_DBA_ROLE
  • SYS_AUTH_SA_ROLE
  • SYS_RUN_REPLICATION_ROLE
  • SYS_REPLICATION_ADMIN_ROLE
Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0