Thomas Stegbauer wrote:
> 
> hi elke,
> 
> thanx for the answer.
> 
> Zabach, Elke schrieb:
> > Thomas Stegbauer wrote:
> > 
> > 
> >>hi list,
> >>
> >>after reading some mailinglist entries and some doc. it seems 
> >>roles are 
> >>the better usergroups
> > 
> > 
> > Not quite correct, with roles and usergroups some problems can
> > be overcome, but they use different ways. And roles and usergroups
> > have nothing to do with each other.
> > 
> > Roles can be thought of a named set of privileges. 
> > Users, (usergroups) and roles belong to the same namespace,
> > must have different names.
> > 
> > Privileges can be granted/revoked to/from roles and users, 
> > roles can be granted/revoked to/from roles and users.
> > 
> > With roles it is easy to give new users all rights needed to do 
> > their new job (just grant the role to them)
> > and to change the privileges for all users needing the same 
> > privileges (just grant/revoke privileges to/from the role).
> > 
> > Roles do not include any privilege after creation. The 
> privileges have to be granted to the role.
> > 
> > Many users may have the role granted, but in contrast to 
> usergroups were one user always belong to one 
> > usergroup, a user may have different roles from time to time. 
> 
> ok, to short it (one advantage of usergroups):
> 
> new objects must get granted to roles, but this isn't needed to 
> usergroups, if the user are member to that group and the group has 
> resource right.
> 
> 
> >>the rolemember can changed afterwards (what is not possible with 
> >>usergroups without deleting that user)
> >>
> >>the user can be member of more than one role (is this true)
> >>
> >>the rolepermission can get activated by the user later with a 
> >>rolepassword
> >>
> >>my problems and questions:
> >>
> >>1. where can i look, what roles exist? (why arent thy listed 
> >>under users 
> >>in sqlsto? or in the users view)
> > 
> > 
> > see
> > 
> http://www.sapdb.org/7.4/htmhelp/9c/b33d40425326439dfc0366a8dc
> bf55/frameset.htm
> > --> Roles
> > 
> http://www.sapdb.org/7.4/htmhelp/4b/8eb554c5767c4a80bc8f769120
> d247/frameset.htm
> > 
> > 
> >>2. where i check what members a role has?
> > 
> > 
> > Roles do not have members. What do you mean?
> > A role is a named set of privileges.
> 
> ok, the question should be, where can i check to whom a role 
> is granted.
> i took roles as special version of usergroups (what is i a 
> short way of 
> definition wrong)
> 


have a look at 
http://www.sapdb.org/7.4/htmhelp/f8/8c857053fcb74b9d44f264446e85b6/frameset.htm

ROLEPRIVILEGES 
The system table ROLEPRIVILEGES describes the privileges and roles that are granted to 
roles for which the current user has privileges.

Elke
SAP Labs Berlin

> 
> > 
> >>3. who can i add a user, usergroup or an other role to a 
> >>role? i didn't 
> >>find the appropriate doc page.
> > 
> > 
> > You have to grant privileges to a role using GRANT, you can grant
> > roles to roles and users
> > and you have to enable roles using the SET-statement
> > 
> http://www.sapdb.org/7.4/htmhelp/44/a17998442911d3a98200a0c944
9261/frameset.htm
> which needs (depending on the role-definition) or does not need a password

thanx

> 
>>4. to elke: i was unable to find the discussion how 
>>permissions to all 
>>tables can get set by a script. have you more information for me, to 
>>find this.
> 
> 
> What you have to do is:
> 
> for all users in your database whose tables have to be granted 
> do
>     connect with that user
>     select tablename from tables
>     for all tablenames returned 
>     do
>           grant ... on tablename to ...
>           get next tablename
>     end
>     commit 
>     release the session
>     use next username
> end

thank you, this i already know, what i want :), my problem is do how.
i thought already to catch this with a short shell-script. but the 
loadercli doesn't give the output of "select tablename from tables where 
owner=\"USER\""

greetings
thomas

>>
>>p.s. if i forgot some important (dis)advantages from usergroups and 
>>roles or if some information are wrong, please correct me.
>>

-- 
--
# Thomas Stegbauer
# http://www.keyserver.de:11371/pks/lookup?op=get&search=0xFF837A1A
# Key fingerprint = E469 F5DC 42FB B530 F5CB  99CB CEB2 BFC6 FF83 7A1A


_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general

Reply via email to