Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 17 » SQL Anywhere Server - Database Administration » User and database security » Data security

Security: User IDs

By assigning user IDs and passwords, the database administrator controls who has access to a database.

By granting privileges to each user ID, the database administrator controls which tasks each user can perform when connected to the database.

Privilege scheme is based on user IDs

When a user logs on to the database, they have access to all database objects that meet any of the following criteria:

  • objects the user created
  • objects to which the user has received explicit privilege
  • objects to which a group the user belongs to received explicit privilege

The user cannot access any database object that does not meet these criteria. In short, users can access only the objects they own or objects to which they explicitly received access privileges.

Roles and privileges

You can control the tasks users can perform on database objects (such as creating, modifying, executing, updating, and so on), and the administrative tasks (such as backing up, profiling, and so on) that a user can perform, by granting roles and privileges.

You grant roles and privileges using the GRANT and GRANT ROLE statement.

The REVOKE and REVOKE ROLE statements perform the opposite of granting. Any role or privilege that GRANT has explicitly given, REVOKE can take away. Revoking CONNECT from a user removes the user from the database, including all objects owned by that user.

Guest user ID

Creating the user ID Guest with a password permits login access to the database for anyone that can authenticate to a database using Integrated or Kerberos logins. No login mapping using a GRANT statement is required. Although the Guest user is limited by the roles and privileges assigned to it, creating the Guest user ID is not recommended.