Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » User security (roles and privileges) » Roles

 

System roles

System roles are roles that are permanent roles built into each new created database. They typically contain the set of privileges required for more complex operations. Here are a few points to remember about system roles.

  • You cannot drop system roles.

  • You cannot grant administrative rights (WITH ADMIN OPTION or WITH ADMIN ONLY OPTION) when granting system roles. Administrative rights on these system roles lies solely with MANAGE ROLES system privilege.

  • When a system role is granted to a user-extended role, grantees of the user-extended role inherit the system role as well.

  • With the exception of the SYS role, you can grant/revoke additional privileges and roles to/from a system role, provided you have administrative rights on the privileges and roles you are granting/revoking.

  • With the exception of the SYS, dbo, and rs_systabgroup role, system roles do not own objects.

System role Description
DBO This role owns many system stored procedures and views, tables used for UltraLite and MobiLink, and is a grantee of the SYS role. Only users with the MANAGE ROLES system privilege can administer this role.
DIAGNOSTICS This role grants SELECT, INSERT, UPDATE, DELETE, and ALTER privileges on diagnostic tables and views. Only users with the MANAGE ROLES system privilege can administer this role.
PUBLIC This role has SELECT privilege on the system tables. As well, the PUBLIC role is a grantee of the SYS and DBO roles, and has read access for some of the system tables and views so users can find out information about the database schema.
rs_systabgroup This role owns tables and system procedures that are required for Replication Server. Only users with the MANAGE ROLES system privilege can administer this role.
SA_DEBUG This role is required for the SQL Anywhere Debugger. Only users with the MANAGE ROLES system privilege can administer this role.
SYS This role owns the catalog, which contains the full description of the database schema, including all database objects and all user IDs. You cannot grant or revoke additional privileges to or from this role. Only users with the MANAGE ROLES system privilege can administer this role.
SYS_REPLICATION_ADMIN_ROLE

This role is required for performing administration tasks related to replication such as granting replication roles, managing publications, subscriptions, synchronization users and profiles, managing message types, setting replication-related options, and so on. Only users with the MANAGE REPLICATION system privilege can administer this role. See Replication-related system roles.

SYS_RUN_REPLICATION_ROLE

This role is required for performing replication using the dbremote utility, and performing synchronization using the dbmlsync utility. Only users with the SYS_REPLICATION_ADMIN_ROLE system role can administer this role.

See Replication-related system roles.

SYS_SAMONITOR_ADMIN_ROLE This role is required for the SQL Anywhere Monitor.
SYS_SPATIAL_ADMIN_ROLE This role allows users to create, alter, or drop spatial reference systems and spatial units of measure. Only users with the MANAGE ROLES system privilege can administer this role.
 See also

Replication-related system roles

Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0