Suppose you have decided to assign special roles to the users listed in Table 9-3.
Name |
Role |
Operating system login name |
---|---|---|
Rajnish Smith |
sso_role |
rsmith |
Catharine Macar-Swan |
sa_role |
cmacar |
Soshi Ikedo |
sa_role |
sikedo |
Julio Rozanski |
oper_role |
jrozan |
Table 9-4 shows the sequence of commands you might use to set up a secure operating environment for Adaptive Server, based upon the role assignments shown in Table 9-3. After logging in to the operating system, you would issue these commands using the initial “sa” account.
Commands |
Result |
---|---|
|
Logs in to Adaptive Server as “sa”. Both sa_role and sso_role are active. |
|
Sets auditing options for server-wide, security-relevant events and the auditing of all actions that have sa_role or sso_role active. |
|
Enables auditing. |
Before you enable auditing, set up a threshold procedure for the audit trail and determine how to handle the transaction log in sybsecurity. For details, see Chapter 12, “Auditing.” |
|
|
Adds logins and passwords for Rajnish, Catharine, Soshi, and Julio. |
|
A default database is not specified for any of these users, so their default database is master. |
|
Grants the sso_role to Rajnish, the sa_role to Soshi and Catharine, and the oper_role to Julio. |
|
Grants access to the auditing database, sybsecurity, by making Rajnish, who is the System Security Officer, the database owner. |
sp_locklogin sa,"lock" |
Locks the “sa” login so that no one can log in as “sa”. Individuals can assume only the roles that are configured for them. |
Do not lock the “sa” login until you have granted individual users the sa_role and sso_role roles and have verified that the roles operate successfully. |