Managing user privileges and roles

You can use solidDB tools, and many ODBC compliant SQL tools to modify user privileges. Users and roles are created and deleted by using SQL statements. A file that consists of several SQL statements is called an SQL script.

solidDB includes a sample script that creates users and roles, see SQL sample scripts. To create your own users and roles, you can make your own script that describes your user environment.

Task	Example	Reference
Create a user	CREATE USER CALVIN IDENTIFIED BY P33W1T56;	CREATE USER
Delete a user	DROP USER CALVIN;	DROP USER
Change a password	ALTER USER CALVIN IDENTIFIED BY TW1G44RT;	ALTER USER
Create a role	CREATE ROLE GUEST_USERS;	CREATE ROLE
Delete a role	DROP ROLE GUEST_USERS;	DROP ROLE
Grant privileges to a user or role	GRANT INSERT, DELETE ON TEST_TABLE TO GUEST_USERS;	GRANT
Assign a role to a user	GRANT GUEST_USERS TO CALVIN;	GRANT
Revoke privileges from a user or role	REVOKE INSERT ON TEST_TABLE FROM GUEST_USERS;	REVOKE
Remove a role from a user	REVOKE GUEST_USERS FROM CALVIN;	REVOKE
Assign administrator privileges to a user	GRANT SYS_ADMIN_ROLE TO CALVIN;	GRANT
Assign DDL privileges to a user	GRANT DDL TO CALVIN	GRANT
Revoke DDL privileges from a user	REVOKE DDL FROM CALVIN;	REVOKE. See Revoking DDL privileges.

Note The database system administrator user name cannot be changed by using the ALTER USER statement. Instead, you must create a new user account, grant the new user the SYS_ADMIN_ROLE, and drop the original administrator account.

If the user has been revoked of the DDL privileges, but the user has been granted a role such as the SYS_ADMIN_ROLE or the SYS_SYNC_ADMIN role, the role takes precedence, and the user is able to perform DDL functions.