CHAPTER 10 Managing User IDs and Permissions
367
Special groups
When a database is created, two groups are also automatically created. These
are SYS and PUBLIC. Neither of these groups has passwords, so it is not
possible to connect to the database as either SYS or as PUBLIC. The two
groups serve important functions in the database.
The SYS group
The SYS group is owner of the system tables and views for the database, which
contain the full description of database structure, including all database objects
and all user IDs.
For a description of the system tables and views, together with a description
of access to the tables, see Chapter 15, “System Tables” and Chapter 16,
“System Views” in Adaptive Server IQ Reference Manual.
The PUBLIC group
When a database is created, the PUBLIC group is automatically created, with
CONNECT permissions to the database and SELECT permission on the
system tables.
The PUBLIC group is a member of the SYS group, and has read access for
some of the system tables and views, so that any user of the database can find
out information about the database schema. If you wish to restrict this access,
you can REVOKE PUBLIC's membership in the SYS group.
Any new user ID is automatically a member of the PUBLIC group and inherits
any permissions specifically granted to that group by the DBA. You can also
REVOKE membership in PUBLIC for users if you wish.
Database object names and prefixes
The name of every database object is an identifier. The rules for valid
identifiers are described in Chapter 6, “SQL Language Elements” in Adaptive
Server IQ Reference Manual.
In queries and sample SQL statements throughout this guide, database objects
from the sample database are generally referred to using their simple name. For
example:
SELECT *
FROM employee
Tables, procedures, and views all have an owner. The owner of the tables in the
sample database is the user ID DBA. In some circumstances, you must prefix
the object name with the owner user ID, as in the following statement.