CHAPTER 10 Managing User IDs and Permissions

sp_helptext sp_name_in_question

Managing groups

DBA, RESOURCE, and GROUP permissions

Once you understand how to manage permissions for individual users (as described in the previous section) working with groups is straightforward. A group is identified by a user ID, just like a single user, but this user ID is granted the permission to have members.

When permissions on tables, views, and procedures are granted to or revoked from a group, all members of the group inherit those changes. The DBA, RESOURCE, and GROUP permissions are not inherited: they must be assigned individually to each individual user ID requiring them.

A group is simply a user ID with special permissions. Granting permissions to a group and revoking permissions from a group are done in exactly the same manner as any other user, using the commands described in “Managing individual user IDs and permissions”.

A group can also be a member of a group. A hierarchy of groups can be constructed, each inheriting permissions from its parent group.

A user ID may be granted membership in more than one group, so the user-to- group relationship is many-to-many.

The ability to create a group without a password enables you to prevent anybody from signing on using the group user ID. This security feature is discussed in “Groups without passwords”.

Creating groups

To create a group with a name and password:

1 Connect to the database as a user with DBA authority.

2Create the group's user ID just as you would any other user ID, using the following SQL statement:

GRANT CONNECT

TO personnel

IDENTIFIED BY group_password

363

Page 383
Image 383
Sybase 12.4.2 manual Managing groups, Creating groups, 363, To create a group with a name and password