Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » User security (roles and privileges) » Roles


User-extended roles

A user-extended role role is a type of user-defined role. It is a user ID that has been extended to act as a role that can be granted to others. User-extended roles are the equivalent of groups in pre-16.0 releases of SQL Anywhere.

When you grant a user-extended role to a user or another role, the grantee inherits all the system and object-level privileges that the user-extended role has, including any administration rights.

Because ownership of database objects is associated with a single user ID, when the owner is a user-extended role, ownership of the database object is not inherited by its grantees. Only granted privileges are inherited.

User-extended roles are convenient when you have a user with a set of system privileges that you want to grant to another user. The user who has become a user-extended role can administer the new role (grant and revoke it to others) unless this privilege is explicitly removed.

When you create a user-extended role, the MANAGE ROLES system privilege is automatically granted the role with administrative rights only.

You can revoke the extension of a role, and control what privileges are revoked from the grantees.

A user can still log in using their user ID even when they are a user-extended role.

To convert a user to a user-extended role, use the CREATE ROLE statement. To convert a user-extended role back to a user, use the DROP ROLE statement.

 See also

Converting a user to a user-extended role (Sybase Central)
Converting a user to a user-extended role (SQL)
Converting a user-extended role back to a user (Sybase Central)
Converting a user-extended role back to a user (SQL)