Managing individual user IDs and permissions

Changing the DBA password

GRANT CONNECT TO userid IDENTIFIED BY password

The same command can also be used to add a new user. For this reason, if you inadvertently enter the user ID of an existing user when you mean to add a new user, you are actually changing the password of the existing user. You do not receive a warning because this behavior is considered normal. This behavior differs from pre-Version 12 Adaptive Server IQ.

To avoid this situation, use the system procedures sp_addlogin and sp_adduser to add users. These procedures give you an error if you try to add an existing user ID, as in Adaptive Server Enterprise and pre-Version 12 Adaptive Server IQ.

The default password for the DBA user ID for all databases is SQL. You should change this password to prevent unauthorized access to your database. The following command changes the password for user ID DBA to new_password:

GRANT CONNECT TO DBA

IDENTIFIED BY new_password

If you are using DBISQL, it is a good idea to put your permission grants into a command file for reference and so that it can be modified and run again if it is necessary to recreate the permissions.

Granting DBA and resource authority

DBA and RESOURCE authority are granted in exactly the same manner as each other.

To grant resource permissions to a user ID:

 

1 Connect to the database as a user with DBA authority.

 

2 Type and execute the SQL statement:

 

GRANT RESOURCE TO userid

 

For DBA authority, the appropriate SQL statement is:

 

GRANT DBA TO userid

Notes

• Only the DBA can grant DBA or RESOURCE authority to database users.

 

• DBA authority is very powerful, granting the ability to carry out any

 

action on the database and access to all the information in the database. It

 

is generally inadvisable to grant DBA authority to more than a very few

 

people.

358

Page 378
Image 378
Sybase 12.4.2 manual Granting DBA and resource authority, 358