You must create separate user and group accounts for RAPCache and VLDBServer. Before you create these accounts, be aware that user and group models in Adaptive Server Enterprise and Sybase IQ differ.
All ASE users require a server login ID and password and a user ID for each database they want to access on that server.
Sybase IQ users do not require a server login ID. All Sybase IQ users receive a user ID and password for a database.
ASE and IQ groups differ:
ASE allows each user to be a member of only one group.
In IQ, users and groups are database objects. Groups can contain users and other groups. Users can belong to multiple groups, and group hierarchies are allowed.
GRANT and REVOKE statements for granting permissions on individual database objects are very similar.
Both ASE and Sybase IQ allow SELECT, INSERT, DELETE, UPDATE, and REFERENCES permissions on database tables and views, and UPDATE permissions on selected columns of database tables.
For example, the following statement is valid in both products:
GRANT INSERT, DELETE ON TITLES TO MARY, SALES
This statement grants permission to use the INSERT and DELETE statements on the TITLES table to user MARY and to the SALES group.
Both products allow EXECUTE permissions to be granted on stored procedures.
ASE also supports GRANT and REVOKE on additional items:
Objects: columns within tables, columns within views, and stored procedures
User abilities: Create Database, Create Default, Create Procedure, Create Rule, Create Table, Create View
Sybase IQ requires a user to have RESOURCE authority to create database objects. (A closely corresponding Adaptive Server Enterprise permission is GRANT ALL, used by a Database Owner.)
Both products support the WITH GRANT OPTION clause, allowing the recipient of permissions to grant them in turn, although IQ does not permit WITH GRANT OPTION to be used on a GRANT EXECUTE statement.
Adaptive Server Enterprise and Sybase IQ use different models for database-wide permissions.
Sybase IQ employs DBA permissions to allow a user full authority within a database.
ASE System Administrators enjoy database-wide user permission for all databases on the server, but the database owner must use a SETUSER statement to gain permissions on objects owned by other users.
ASE and Sybase IQ use different models to create users.
ASE requires separate server and database accounts. sp_addlogin creates a server login account for a new user. sp_adduser gives database and group privileges.
Sybase IQ adds users in a single step, but does not assign permissions beyond connecting to the database and viewing the system tables. Permissions to access database tables must be explicitly assigned.
Sybase IQ does not require stored procedures to add or drop users, but does allow DBAs to add or drop user accounts. When a DBA enables IQ User Administration, these accounts let DBAs control user connections and password expirations.
For details about managing Adaptive Server login accounts and database users, see “Managing Adaptive Server Logins, Database Users, and Client Connections” in the Adaptive Server Enterprise System Administration Guide, Volume 1.
For details about Sybase IQ User Administration, see “Managing User IDs and Permissions” and “Sybase IQ as a Data Server,” in the Sybase IQ System Administration Guide.
