The access control changes to Adaptive Server version 12.5.2 are discussed in this section.
In earlier versions of Adaptive Server, set proxy allowed you to switch your server user identity to any other server login, but it did not allow you to limit the use of set proxy based on the roles of the target login. When you granted set proxy to a user, that user could become any other server user.
As of Adaptive Server version 12.5.2, you can grant set proxy...restricted role, which lets you specify roles that cannot be acquired when switching identities.
Adaptive Server version 12.5.2 allows you to grant and revoke permissions for users, roles, and groups for the update statistics, delete statistics, and truncate table commands. Table owners can also provide permissions through an implicit grant by adding update statistics, delete statistics, and truncate table to a stored procedure and then granting execute permissions on that procedure to a user or role.
You cannot grant or revoke permissions for update statistics at the column level. You must have the sso_role to run update statistics or delete statistics on the sysroles, syssrvroles, and sysloginroles security tables.
By default, users with the sa_role have permission to run update statistics and delete statistics on system tables other than sysroles, syssrvroles and sysloginroles, and can transfer this privilege to other users.
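The following script is an added example, not taken from the Sybase documentation. It shows the restricted set proxy grant together with the explicit and implicit table-level grants described above. The login joe, the role stats_role, the database pubs2, the table authors, and the procedure refresh_authors_stats are hypothetical names, and it assumes the set proxy grant is issued from the master database.

```sql
-- All object, user, and role names below are hypothetical.

-- 1. Restricted proxy: joe may use set proxy, but cannot acquire
--    sa_role or sso_role by switching identities.
--    (Assumption: set proxy is granted from the master database.)
use master
go
grant set proxy to joe restricted role sa_role, sso_role
go

-- 2. Explicit table-level grants. update statistics cannot be
--    granted at the column level, so no column list appears here.
use pubs2
go
grant update statistics on authors to stats_role
grant delete statistics on authors to stats_role
grant truncate table on authors to joe
go

-- Revocation uses the same permission names.
revoke truncate table on authors from joe
go

-- 3. Implicit grant: the table owner wraps the commands in a stored
--    procedure and grants only execute on it, so joe can refresh
--    statistics without holding the table-level permissions directly.
create procedure refresh_authors_stats
as
    delete statistics authors
    update statistics authors
go
grant execute on refresh_authors_stats to joe
go

-- 4. Review what is now granted on the table and the procedure.
exec sp_helprotect authors
exec sp_helprotect refresh_authors_stats
go
```

Keeping the direct grants on a role rather than on individual users, and exposing the commands to everyone else only through the procedure, keeps the sp_helprotect output short enough to audit.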
Adaptive Server version 12.5.2 adds the default permissions parameter to the grant and revoke commands, which allows you to grant and revoke the default permissions for the system tables listed below. The partial syntax is:
grant default permissions on system tables
revoke default permissions on system tables
where default permissions on system tables specifies that you grant or revoke the default permissions for the following system tables when you issue it from any database:
sysalternates | sysindexes | sysprocedures | systabstats |
sysattributes | sysjars | sysprotects | systhresholds |
syscolumns | syskeys | sysqueryplans | systypes |
syscomments | syslogs | sysreferences | sysusermessages |
sysconstraints | sysobjects | syssegments | sysusers |
sysdepends | syspartitions | sysstatistics | sysxtypes |
default permissions on system tables also makes the following changes:
Revokes sysobjects(audflags) permissions from public
Grants permissions for sysobjects to sso_role
Copyright © 2005. Sybase Inc. All rights reserved.