Question DBA Users in Progress 10.2B

JoseKreif

Member
For clarity
  • I'm using Progress 10.2B on a Linux OS.
  • I add users by going into: Tools > Data Dictionary > Admin > Security > Edit User List
We want to make sure that certain accounts connecting to the SQL are not granted DBA rights, and that 1 or 2 are..

There is no option to pick whether or not a user is a DBA. There is an option there for Security Administrators, but I think that only applies to the security settings.

I tried Googling this but didn't find any answer on Progress's website that applies to my version of Progress.

I've heard of the _SYSDBAUTH table, but it's currently empty. So I'm not sure who in the _USER table is a DBA or not. Is every user a DBA by default?

Anyone know what I'm saying and how to help?
 
Last edited:

Rob Fitzpatrick

ProgressTalk.com Sponsor
Start here:
Basic Guide to Defining Progress SQL-92 Database Permissions & Security

Once you upgrade to a modern release of OpenEdge, you will be able to create SQL-only users but in 10.2B you can't. If you create two users and then make them security administrators, no other user will be. They won't be able to create users or edit file permissions.

For the SQL side, you want to query sysprogress.sysdbauth (i.e. the sysdbauth table in the sysprogress schema) to see DBA users. You cannot read this from the ABL which only sees tables in the PUB schema.

Connect to the SQL broker with a SQL client (e.g. sqlexp) and authenticate, and then select * from sysprogress.sysdbauth;. By default, your DBAs will be the user that created the database and sysprogress. If you authenticate as a DBA, you can GRANT the DBA privilege to another SQL user to make them a DBA. They will then inherit all privileges on all tables, both existing and newly-created. Other non-DBA users must be granted individual privileges on each table; they have none by default.
 

JoseKreif

Member
Thanks for your well detailed response. As I start to understand this more and more, it's making a lot of sense.
 
Top