User Groups and Group Maintenance

User groups are a tool for granting privileges more effectively. When a privilege is granted to a group, every user who belongs to that group is granted that privilege too. Groups are independent of applications (schemas).

Predefined System Groups

These system groups exist in every database. Each of them has a fixed name and meaning:

System groups
  Everybody        all users belong to this group
  Db_admin         group of data administrators
  Config_admin     group of configuration administrators
  Security_admin   group of security administrators

The Everybody group is used to grant privileges to all users at once. Users in the other three system groups are server administrators and have specific privileges.

Defining Groups

Other groups are usually created according to the organizational structure of a company. For example, all invoice clerks can be assigned to the INVOICECLERKS group. If you then need to assign all invoice clerks to a special role for creating invoices, you can assign the INVOICECLERKS group as a whole to the role. Configuration and security administrators may create and delete user groups. A group name may consist of at most 31 characters and is not case-sensitive.

The security administrator has the privilege to assign users to groups. A part of the security administrators' privileges can be granted to the configuration administrators - they may be granted to:

A group can be created with the CREATE GROUP SQL statement. You can read the relationship between two privilege subjects (e.g. whether a user is a member of a group) or change it (e.g. assign a group to a role) with the functions Set_membership and Get_membership, and by using the system query _iv_subject_membership.

Groups can also be created and deleted, and users assigned to them, from the 602SQL Development Client, in the System / System objects / Users | Groups folder.