Creating RAP users

You must create separate user and group accounts for RAPCache and RAPStoreServer for users to query the databases. User and group models in Adaptive Server Enterprise and Sybase IQ differ.

How users connect


  • All ASE users require a server login ID and password and a user ID for each database they want to access on that server.

  • Sybase IQ users do not require a server login ID. All Sybase IQ users receive a user ID and password for a database.

User groups

ASE and IQ groups differ:

  • ASE allows each user to be a member of only one group.

  • In IQ, users and groups are database objects. Groups can contain users and other groups. Users can belong to multiple groups, and group hierarchies are allowed.

Database object permissions

GRANT and REVOKE statements for granting permissions on individual database objects are similar:

  • Both ASE and Sybase IQ allow SELECT, INSERT, DELETE, UPDATE, and REFERENCES permissions on database tables and views, and UPDATE permissions on selected columns of database tables.

    For example, the following statement,which grants permission for INSERT and DELETE statements on the TITLES table to user MARY and to the SALES group, is valid in both products:
    GRANT INSERT, DELETE
ON TITLES
TO MARY, SALES

  • Both products allow EXECUTE permissions to be granted on stored procedures.

  • ASE also supports GRANT and REVOKE on additional items:

    • Objects: columns within tables, columns within views, and stored procedures

    • User abilities: Create Database, Create Default, Create Procedure, Create Rule, Create Table, Create View

  • Sybase IQ requires a user to have RESOURCE authority to create database objects. (A closely corresponding Adaptive Server Enterprise permission is GRANT ALL, used by a Database Owner.)

  • Both products support the WITH GRANT OPTION clause, allowing the recipient of permissions to grant them in turn, although IQ does not permit WITH GRANT OPTION to be used on a GRANT EXECUTE statement.

Database-wide permissions

Adaptive Server Enterprise and Sybase IQ use different models for database-wide permissions.

  • Sybase IQ employs DBA permissions to allow a user full authority within a database.

  • ASE system administrators enjoy database-wide user permission for all databases on the server, but the database owner must use a SETUSER statement to gain permissions on objects owned by other users.

Adding users

ASE and Sybase IQ use different models to create users.

  • ASE requires separate server and database accounts. sp_addlogin creates a server login account for a new user. sp_adduser gives database and group privileges.

  • Sybase IQ adds users in a single step, but does not assign permissions beyond connecting to the database and viewing the system tables. Permissions to access database tables must be explicitly assigned.

  • Sybase IQ does not require stored procedures to add or drop users, but does allow DBAs to add or drop user accounts. When a DBA enables IQ User Administration, these accounts let DBAs control user connections and password expirations.

Where to find additional information

For details about managing Adaptive Server login accounts and database users, see “Managing Adaptive Server Logins, Database Users, and Client Connections” in the Adaptive Server Enterprise System Administration Guide, Volume 1.

For details about Sybase IQ User Administration, see “Managing User IDs and Permissions” and “Sybase IQ as a Data Server,” in the Sybase IQ System Administration Guide.

Parent topic: Managing Servers with Sybase Central

Created April 9, 2009. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com