Subject RE: [Firebird-Architect] User name SYSDBA
Author Leyne, Sean
> While it makes sense for someone to activate and deactivate a
> particular role, does it make sense to temporarily leave a group?


> What sort of privilege would be required to register another user for
> group?

I think the answer to this question starts with thinking about db
management functions at their most basic level and then creating system
defined groups which encapsulate those functions (i.e. "Schema Owner",
"Backup Operator", "Security Admin"...) from there the database owner
(the user who creates the database -- who automatically becomes a member
of all those groups) can then add rights/groups to other users...

Some db functions will need to be defined as server 'level' rights (i.e.
'Create Database', 'Restore Operator'). Where will this data be stored?
How will this be managed?

Not only would the groups object encompass db management rights, but
also object rights, just as the current users and roles structures
provide, with the benefit of providing the logged-in user implicit
access to all objects defined via the group rights without needing to
change role/re-login.