Automatically Granted Privileges | Privileges and Privilege Subjects | Checking Privileges when Executing SQL Statements |
By default, these privileges are automatically granted to the Everybody group on the system table of tables (TABTAB) and table of objects (OBJTAB):
The global privilege to read all columns in the system table of users and groups (USERTAB) is granted to the Everybody group by default. The privilege to insert new records (e.g. to create new users or groups) is granted to the Config_admin and Security_admin administrator groups by default.
When a new user is created (in the USERTAB table), this new user is granted the privilege to edit their own records (and descriptions). Please note that the creator of this user will not have these privileges.
The DB_ADMIN administrator group has an irrevocable privilege to edit all data, including the system tables.
Only users that are allowed to insert records into the appropriate system tables are allowed to create new objects.
Tables are stored in the TABTAB table; applications and other objects (e.g. queries, transfers) are stored in the OBJTAB table. The privilege to insert records into these tables is granted to the EVERYBODY group after installation. This privilege can be removed from this group and granted only to those users and groups that should be allowed to import, create or alter database applications or create new users. Creating triggers follows different rules (see Triggers for more information).
Users and groups are stored in the USERTAB table. By default, only the Config_admin and Security_admin (and Db_admin) groups are granted the privilege to insert records into this table. This privilege can also be granted to those users and groups that are required to create new users and groups.
How to set up these privileges: