Built-in roles

For security reasons, HCL OneDB™ supports certain built-in roles that are in effect for any user who is granted the role and is connected to the database, regardless of whether any other role is also active.

For example, in a database in which the IFX_EXTEND_ROLE configuration parameter is set to ON, only the Database Server Administrator (DBSA) or users to whom the DBSA has granted the built-in EXTEND role can create or drop UDRs that are defined with the EXTERNAL keyword.

Similarly, in a database that implements LBAC security policies, the DBSA can grant the built-in DBSECADM role. The grantee of this role becomes the Database Security Administrator, who can define and implement LBAC security policies and can assign security labels to data and to users.

Unlike user-defined roles, built-in roles cannot be destroyed by the DROP ROLE statement. The SET ROLE statement has no effect on a built-in role, because it is always active while users are connected to a database in which they have been granted the built-in role.

For more information on the External Routine Reference segment or SQL statements for defining and manipulating roles, see the HCL OneDB Guide to SQL: Syntax.

For more information on the DBSECADM role or SQL statements for defining and manipulating LBAC security objects, see the HCL OneDB Security Guide.

For more information on default roles, see the HCL OneDB Administrator's Guide.

For more information about how to grant and limit access to your database, see the HCL OneDB Database Design and Implementation Guide.