Authorization, privileges, and roles
Users can successfully execute operations only if they have the authority to perform the specified function. To create a table, a user must be authorized to create tables; to alter a table, a user must be authorized to alter the table; and so forth. solidDB® offers several methods for managing user authorization.
Privileges and roles
A privilege is a permission to perform an action or a task. Authorized users can create objects, have access to objects they own, and can pass on privileges on their own objects to other users by using the GRANT statement. Privileges may be granted to individual users or roles (groups).
You can apply five different kinds of user privileges. A user may be able to view, delete, insert, update or reference information in a table or view. Any combination of these privileges may also be applied. A user who has no privileges to a table is not able to use the table at all.
A role is a group of privileges that can be granted to users as one unit. You can create roles and assign users to certain roles. A single user may have more than one role assigned, and a single role may have more than one user assigned.
There are both system roles and user-defined roles. User-defined roles are created with the CREATE ROLE statement. All roles are granted to users with the GRANT ROLE statement.
System roles
solidDB® offers the following system roles. The system role names are reserved user names.
| Reserved Names | Description |
| --- | --- |
| PUBLIC | This role grants privileges to all users. When user privileges to a certain table are granted to the role PUBLIC, all current and future users have the specified user privileges to this table. This role is granted automatically to all users. |
| SYS_ADMIN_ROLE | This is the default role for the database administrator. This role has administration privileges to all tables, indexes and users, as well as the right to use solidDB® Remote Control. This is also the database creator role. |
| _SYSTEM | This is the schema name of all system tables and views. |
| SYS_CONSOLE_ROLE | This role has the right to use solidDB® Remote Control, but does not have other administration privileges. |
| SYS_SYNC_ADMIN_ROLE | This is the administrator role for data synchronization functions. |
| SYS_SYNC_REGISTER_ROLE | This role is only for registering and unregistering a replica database to the master. |
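The following is an added example, not taken from the solidDB® documentation, showing table privileges granted through user-defined roles instead of through PUBLIC. The table, role, and user names and the passwords are hypothetical placeholders, and the statement forms are assumed to be the standard CREATE USER, CREATE ROLE, GRANT, and REVOKE forms; check them against the SQL reference for your release.

```sql
-- Added example: all object names and passwords are constructed placeholders.
-- The table is owned by the user who runs these statements.
CREATE TABLE payroll (
    emp_id  INTEGER NOT NULL PRIMARY KEY,
    name    VARCHAR(64),
    salary  NUMERIC(10,2)
);

-- Too broad: PUBLIC is granted automatically to every user, so this one
-- statement would give all current and future users read access.
-- GRANT SELECT ON payroll TO PUBLIC;

-- Narrower: one role per job function, with privileges attached to the role.
CREATE ROLE payroll_reader;
CREATE ROLE payroll_clerk;

GRANT SELECT ON payroll TO payroll_reader;
GRANT SELECT, INSERT, UPDATE ON payroll TO payroll_clerk;

-- Users receive table access only through the roles they hold.
CREATE USER alice IDENTIFIED BY change_me_1;
CREATE USER bob   IDENTIFIED BY change_me_2;

GRANT payroll_reader TO alice;   -- alice can view rows only
GRANT payroll_reader TO bob;     -- a user may hold more than one role
GRANT payroll_clerk  TO bob;     -- bob can also insert and update

-- When bob changes jobs, removing the role removes the privileges it carried.
REVOKE payroll_clerk FROM bob;

-- Tightening a role affects every user who holds it.
REVOKE UPDATE ON payroll FROM payroll_clerk;
```

No DELETE or REFERENCES privilege is granted to either role, so neither user can delete rows from payroll or create foreign keys that reference it.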