Many of the commands and procedures discussed in this manual require the System Administrator or System Security Officer role. Other sections in this manual are relevant to Database Owners. A Database Owner’s user name within the database is “dbo”. You cannot log in as “dbo:” a Database Owner logs in under his or her Adaptive Server login name and is recognized as “dbo” by Adaptive Server only while he or she is using the database.
Various security-related, administrative, and operational tasks are grouped into the following system roles:
System Administrator – by default the system administrator (the sa) has the following roles:
sa_role
sso_role
oper_role
sybase_ts_role
The system administrator’s tasks include:
Managing disk storage
Monitoring Adaptive Server’s automatic recovery procedure
Fine-tuning Adaptive Server by changing configurable system parameters
Diagnosing and reporting system problems
Backing up and loading databases
Granting and revoking the System Administrator role
Modifying and dropping server login accounts
Granting permissions to Adaptive Server users
Creating user databases and granting ownership of them
Setting up groups which can be used for granting and revoking permissions)
System Security Officer – who performs security-related tasks such as:
Creating server login accounts, which includes assigning initial passwords
Changing the password of any account
Granting and revoking the System Security Officer and Operator roles
Creating, granting, and revoking user-defined roles
Granting the capability to impersonate another user throughout the server
Setting the password expiration interval
Setting up Adaptive Server to use network-based security services
Managing the audit system
Operator – a user who can back up and load databases on a server-wide basis. The operator role allows a single user to use the dump database, dump transaction, load database, and load transaction commands to back up and restore all databases on a server without having to be the owner of each one. These operations can be performed in a single database by the Database Owner or a System Administrator.
These roles provide individual accountability for users performing operational and administrative tasks. Their actions can be audited and attributed to them. A System Administrator operates outside the discretionary access control (DAC) protection system; that is, when a System Administrator accesses objects Adaptive Server does not check the DAC permissions.
In addition, two kinds of object owners have special status because of the objects they own. These ownership types are:
Database Owner
Database object owner