Table 25-1 summarizes the Adaptive Server protection system. The type of user listed as the default is the lowest level of user to which the permission is automatically granted. This user can grant the permission to other users or revoke it from other users, if it is transferable.
Task |
Default permissions |
Can be granted or revoked? |
|---|---|---|
Add an alias |
system administrator, Database Owner |
no |
Add columns to a table |
Object owner |
no |
Assign a role to a login |
system security officer |
no |
Bind a default to a table column or user datatype |
Object owner |
no |
Bind an execution class to an execution object |
system administrator |
|
Bind a rule to a table column or user datatype |
Object owner |
no |
Change database device default status |
system administrator |
no |
Change database options |
system administrator, Database Owner |
no |
Change database ownership |
system administrator, Database Owner |
no |
Change database storage allocations |
system administrator |
yes (1) |
Change group membership |
system administrator, Database Owner |
no |
Change login defaults or fullname |
system administrator |
no |
Change login password (5) |
system administrator, system security officersystem security officer |
no |
Create a named cache |
system administrator |
yes |
Create a database |
system administrator |
yes |
Create a database device |
system administrator |
no |
Create a default |
Database Owner |
yes |
Create a dump device |
system administrator |
no |
Create an engine group |
system administrator |
no |
Create an extended stored procedure (create procedure) |
system administrator |
yes |
Create an execution class |
system administrator |
no |
Create a group |
system administrator, Database Owner |
no |
Create an index |
Object owner |
no |
Create a login |
system security officer |
no |
Create a procedure |
Database Owner |
yes |
Create a remote server |
system administrator |
no |
Create a rule |
Database Owner |
yes |
Create a segment |
system administrator, Database Owner |
no |
Create a table |
system security officer (2), Database Owner |
yes (2) |
Create a proxy table |
Database Owner |
yes |
Create a trigger |
Object owner |
no |
Create a user |
system administrator, Database Owner |
no |
Create a user-defined datatype |
Any user |
|
Create a user-defined role |
system security officer |
no |
Create a view |
Database Owner |
yes |
Define remote login mappings |
system security officer |
no |
Delete an alias |
system administrator, Database Owner |
no |
Delete a database or dump device |
system administrator |
no |
Delete a database object |
Object owner (3) |
no |
Delete an engine group |
system administrator |
no |
Delete an extended stored procedure |
system administrator |
no |
Delete an execution class |
system administrator |
no |
Delete a group |
system administrator, Database Owner |
no |
Delete a login |
system administrator |
no |
Delete a remote server |
system administrator |
no |
Delete a segment |
system administrator |
no |
Delete a user |
system administrator, Database Owner |
no |
Delete a user-defined datatype |
system administrator, Database Owner |
no |
Delete a user-defined role |
system security officer |
|
Disable disk mirroring |
system administrator |
no |
Dump a database |
Operator, Database Owner |
no |
Dump a transaction log |
Operator, Database Owner |
no |
Enable disk mirroring |
system administrator |
no |
Execute dbcc commands |
Database Owner |
no |
Execute a procedure |
Object owner (4) |
yes |
Extend a segment |
system administrator, Database Owner |
no |
Grant permission on a database object |
Object owner |
yes |
Grant permission to create a database object |
Database Owner |
yes |
Grant roles to logins |
system administrator, system security officer |
no |
Insert a row in a table |
Object owner (3) |
yes |
Issue a database checkpoint |
Database Owner |
no |
Issue an update statistics command |
Object owner |
no |
Kill a user process |
system administrator |
no |
Load a database from a backup |
Operator, Database Owner |
no |
Load a transaction log from a backup |
Operator, Database Owner |
no |
Lock a login |
system administrator, system security officer |
no |
Move the transaction log to a different device |
system administrator, Operator |
no |
Place new table or view allocations on a segment |
system administrator, Database Owner, Object owner |
no |
Reset Adaptive Server configuration options |
system administrator |
no |
Re-enable disk mirroring on an inactive mirror device |
system administrator |
no |
Revoke permission on an object |
Object owner |
no |
Revoke permission to create an object |
Database Owner |
no |
Shut down Adaptive Server |
system administrator |
no |
Unbind a default from a table column or user datatype |
Object owner |
no |
Unbind a rule from a table column or user datatype |
Object owner |
no |
(1) Transferred with database ownership. (2) Public can create temporary tables, no permission required (3) If a view, permission defaults to view owner (4) Defaults to stored procedure owner (5) All users can change their own passwords |
||
| Copyright © 2009. Sybase Inc. All rights reserved. |
|
|