Creating RAP Users

You must create separate user and group accounts for RAPCache and RAPStore server for users to query the databases.

Adaptive Server Enterprise and Sybase IQ users differ:

  • All Adaptive Server Enterprise users require a server login ID and password and a user ID for each database they want to access on that server.

  • IQ users do not require a server login ID. All IQ users receive a user ID and password for a database.

Adaptive Server Enterprise and IQ groups differ:

  • Adaptive Server Enterprise allows each user to be a member of only one group.

  • In IQ, users and groups are database objects. Groups can contain users and other groups. Users can belong to multiple groups, and group hierarchies are allowed.

Database object permissions

GRANT and REVOKE statements for granting permissions on individual database objects are similar:

  • Both Adaptive Server Enterprise and IQ allow SELECT, INSERT, DELETE, UPDATE, and REFERENCES permissions on database tables and views, and UPDATE permissions on selected columns of database tables.

    For example, the following statement, which grants permission for INSERT and DELETE statements on the TITLES table to user MARY and to the SALES group, is valid in both products:
    GRANT INSERT, DELETE
ON TITLES
TO MARY, SALES

  • Both products allow EXECUTE permissions to be granted on stored procedures.

  • Adaptive Server Enterprise also supports GRANT and REVOKE on additional items:

    • Objects: columns within tables, columns within views, and stored procedures

    • User abilities: Create Database, Create Default, Create Procedure, Create Rule, Create Table, Create View

  • IQ requires a user to have RESOURCE authority to create database objects. (A closely corresponding Adaptive Server Enterprise permission is GRANT ALL, used by a database owner.)

  • Both products support the WITH GRANT OPTION clause, allowing the recipient of permissions to grant them in turn, although IQ does not permit WITH GRANT OPTION to be used on a GRANT EXECUTE statement.

Database-wide permissions

Adaptive Server Enterprise and Sybase IQ use different models for database-wide permissions.

  • IQ employs DBA permissions to allow a user full authority within a database.

  • Adaptive Server Enterprise system administrators enjoy database-wide user permission for all databases on the server, but the database owner must use a SETUSER statement to gain permissions on objects owned by other users.

Adding users

Adaptive Server Enterprise and Sybase IQ use different models to create users.

  • Adaptive Server Enterprise requires separate server and database accounts. sp_addlogin creates a server login account for a new user. sp_adduser gives database and group privileges.

  • IQ adds users in a single step, but does not assign permissions beyond connecting to the database and viewing the system tables. Permissions to access database tables must be explicitly assigned.

  • IQ does not require stored procedures to add or drop users, but does allow DBAs to add or drop user accounts. When a DBA enables IQ User Administration, these accounts let DBAs control user connections and password expirations.

Where to find additional information

For details about managing Adaptive Server Enterprise login accounts and database users, see Adaptive Server Enterprise System Administration Guide, Volume 1 > Adapt Managing Adaptive Server Logins, Database Users, and Client Connections

For details about Sybase IQ User administration, see SyBase IQ System Administration Guide > Managing User IDs and Permissions, as well as SyBase IQ System Administration Guide > Sybase IQ as a Data Server

Parent topic: Managing Servers with Sybase Central