Many SAP ASE commands and procedures require the system administrator or system security officer role. Other system administration information is relevant to database owners.
Various security-related, administrative, and operational tasks are grouped into the following user roles.
System Administrator – by default, the system administrator (sa) is assigned these roles:
• sa_role
• sso_role
• oper_role
• sybase_ts_role
The system administrator’s tasks that are related to SAP ASE include:
• Managing disk storage
• Monitoring the automatic recovery procedure
• Fine-tuning by changing configurable system parameters
• Diagnosing and reporting system problems
• Backing up and loading databases
• Modifying and dropping server login accounts
• Granting and revoking the system administrator role
• Granting permissions
• Creating user databases and granting ownership of them
• Setting up groups, which can be used for granting and revoking permissions
System security officer – performs security-related tasks, such as:
• Creating server login accounts, which includes assigning initial passwords
• Changing the password of any account
• Granting and revoking the system security officer and operator roles
• Creating, granting, and revoking user-defined roles
• Granting the capability to impersonate another user throughout the server
• Setting the password expiration interval
• Setting up network-based security services
• Managing the audit system
Operator – backs up and loads databases on a server-wide basis. The operator role allows a single user to use the dump database, dump transaction, load database, and load transaction commands to back up and restore all databases on a server without having to be the owner of each one. These operations can be performed for an individual database by the database owner or by a system administrator. However, an operator can perform them for any database.
These roles provide individual accountability for users who are performing operational and administrative tasks. Their actions can be audited and attributed to them. A system administrator operates outside the discretionary access control (DAC) protection system; that is, when a system administrator accesses objects, SAP ASE does not check the DAC permissions.
In addition, two kinds of object owners have special status because of the objects they own:
Database Owner
The database owner is the creator of a database or someone to whom database ownership has been transferred. A system administrator can use the grant command to grant users the authority to create databases.
Database Object Owner
A database object owner is a user who creates a database object.
Note
Credit to original article.