Creating new users  Granting DBA and resource authority

Chapter 12: Managing User IDs and Permissions

Changing a password

Changing a user's password

If you have DBA authority, you can change the password of any existing user with the following command:

GRANT CONNECT TO userid IDENTIFIED BY password

The same command can also be used to add a new user. For this reason, if you inadvertently enter the user ID of an existing user when you mean to add a new user, you are actually changing the password of the existing user. You do not receive a warning because this behavior is considered normal. This behavior differs from pre-Version 12 Sybase IQ.

To avoid this situation, use the system procedures sp_addlogin and sp_adduser to add users. These procedures give you an error if you try to add an existing user ID, as in Adaptive Server Enterprise and pre-Version 12 Sybase IQ.

Changing the DBA password

The user ID DBA identifies a user with full administration and resource creation rights. The default password for user ID DBA for all databases is SQL. You should change this password to prevent unauthorized access to your database. The following command changes the password for user ID DBA to new_password:

GRANT CONNECT TO DBA
IDENTIFIED BY new_password

Extra steps are required to change the DBA password for a multiplex database.

To change the DBA password, you must have DBA authority.

StepsChanging the DBA password in a multiplex

  1. Start the write server.

  2. Stop the query servers.

  3. Change the DBA password using dbisql.

    GRANT CONNECT TO DBA IDENTIFIED BY new_password

  4. Disconnect from the multiplex.

  5. Reconnect to the write server using the new password.

    This resets the password in Sybase Central so that the subsequent synchronize command will use the correct password when it starts and stops the multiplex.

  6. Synchronize all query servers at once or individual query servers, as desired. (If query servers are running, this fails.)

Note that Sybase Central expects the DBA password to be identical on all servers in the multiplex.

WARNING! Never drop the DBA user for a multiplex database. Doing so makes the database unusable.

If you are using DBISQL, it is a good idea to put your permission grants into a command file for reference and so that it can be modified and run again if it is necessary to recreate the permissions.




Copyright © 2004. Sybase Inc. All rights reserved. Granting DBA and resource authority

View this document as PDF