Subject Re: question regarding roles, users, db-owner, gbak
Author dirknaudts
--- In, Helen Borrie <helebor@t...>
> At 12:55 PM 1/09/2004 +0000, you wrote:
> >Hi,
> >
> >1. What's the use of Roles ? I can't seem to find any docs on
this ,
> >and I haven't got/ordered HeLen's book yet :(.
> Roles are a way to package a bunch of SQL privileges. You create
the role,
> then grant the required privs to the role, then grant the role to
each user
> who needs those privs. At login time, the user must supply both
> and role to get the privs of the role.

Ok, good to know how it works ;-)

> >2. I've made a Db to be installed at a customer's site, and added a
> >user which is granted some rights on some tables, SYSDBA (that's
> >pasword is not given to customer (question of responsability when
> >goes wrong). How can I allow my customer to be able to use GBAK to
> >shedule backup/restore of this DB, without giving him SYSDBA
> >password ? can I somehow 'grant' backup/restore rights to the User
> >created for him ?
> You can't 'grant" backup/restore rights. What you need to do is
create a
> user who is to be the "Owner", e.g. DB_OWNER; back up the database
> SYSDBA, then do a gbak -c, with a temporary database file name,
> the user name and password of DB_OWNER as switches to the command.
The new
> database is now owned by DB_OWNER.
> Log into this database as DB_OWNER and test that all is OK; when
> ready, rename the old database file (or move it) and the rename the
> one. The new owner will now be able to back up the database.
However, it
> won't have any privs for the objects inside the database...
> ./helen

Ok, when SYSDBA still holds all privs, this is exactly what I need.
Can you confirm that SYSDBA -privs remain unchanged ?

Thanks for clearing this up,

Best regards,

Dirk Naudts.