User Guide

SAP AG November 2002
RESOURCE
RESOURCE users are special database users [Page 136] of the database user class [Page 28]
RESOURCE. RESOURCE users can be created by SYSDBA users [Page 151] and DBA users [Page 137].
RESOURCE users can define data and database procedures and grant other users privileges
for these database objects.
STANDARD
STANDARD users are special database users [Page 136] of the database user class [Page 28]
STANDARD. STANDARD users only have access to data and database procedures that
were defined by other users and for which they have privileges.
STANDARD users themselves can define views, synonyms, and temporary tables.
User Groups
Database users [Page 136] can be grouped into user groups.
A user group can be assigned either to the database user class [Page 28] RESOURCE [Page 146]
or to the database user class STANDARD [Page 30]. Database users can be defined as
members of a user group.
All database objects defined by members of a certain user group can be identified by the user
group name. The owner of objects such as these is the user group and not the individual user
that defined the objects. If a member of a user group creates objects, each member of that
group can work with these objects as if they were the object owners.
Privileges can only be granted to or removed from the user group as a whole and not
individual members of the group.
The Role Concept
The SAP DB database system supports different roles. A role [See SAP DB Library] is a
grouping of privileges [See SAP DB Library], which can be assigned to database users
[Page 136], user groups [Page 30], or other roles.
Procedure
1. A role is created using the CREATE ROLE statement [See SAP DB Library]. This role is
initially empty. Only database users belonging to database user class DBA [Page 137]
are able to create roles. The new role name [See SAP DB Library] cannot be the same as
the name of any other role, a user, or a user group.
2. Privileges are assigned to a role using the GRANT statement [See SAP DB Library].
Privileges can be revoked from a role using the REVOKE statement [See SAP DB Library].
3. A role can be assigned to database users, user groups, or other roles by specifying
the role name in the GRANT statement.
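The three steps above as one sequence of statements. This is an added example, not taken from the SAP DB manual: the role, table, user and user group names are constructed, the tables are assumed to be owned by the DBA user running the statements, and the semicolon terminator is an assumption that depends on the SQL client in use.

```sql
-- Constructed example: all role, table, user and group names are hypothetical.
-- Run as a user of class DBA (only DBA users can create roles).

-- Step 1: create the role. It is initially empty.
-- The name must not match any existing role, user, or user group.
CREATE ROLE order_clerk;

-- Step 2: assign privileges to the role with GRANT.
GRANT SELECT, INSERT, UPDATE ON orders TO order_clerk;
GRANT SELECT ON customers TO order_clerk;

-- Step 2 (continued): remove a privilege from the role with REVOKE.
-- Every holder of the role loses UPDATE on orders with this one statement.
REVOKE UPDATE ON orders FROM order_clerk;

-- Step 3: assign the role by naming it in a GRANT statement.
-- To a single database user:
GRANT order_clerk TO anna;

-- To a user group (the grant applies to the group as a whole,
-- not to individual members):
GRANT order_clerk TO sales_group;

-- To another role, which then carries order_clerk's privileges
-- in addition to its own:
CREATE ROLE order_supervisor;
GRANT order_clerk TO order_supervisor;
GRANT DELETE ON orders TO order_supervisor;
```

Keeping object privileges on roles rather than on individual users means an access review only has to compare role definitions and role assignments.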
User Manual: SAP DB 30