Privileges determine what a user is authorized to do with the data and the database. Privileges should be assigned based on the type of work the person does within the organization. Is the user involved with administration of the geodatabase? Does the user need to edit or create data? Would the user only need to query the data?
User privileges are set at different levels. This topic describes the required database and dataset privileges for common types of users: data viewers, data editors, data creators, and the geodatabase administrator.
If your users do more than view and issue simple SELECT statements, they need RESOURCE privileges in the Informix database. Resource-level privileges allow the user to do the following:
- Connect to the database.
- Execute SELECT, INSERT, UPDATE, and DELETE statements, provided the user has the necessary table-level privileges.
- Create views, provided the user has the SELECT privilege on the underlying tables.
- Create synonyms.
- Create temporary tables and indexes on them.
- Alter or drop a table or index, provided the user has the necessary table-level privileges.
- Grant table-level privileges.
- Create new tables.
- Create new indexes.
- Create new routines.
- Create new data types.
You can use the SQL GRANT statement to grant the RESOURCE privilege to the geodatabase administrator and other users as appropriate.
GRANT RESOURCE TO <user_name>
|Type of user||Database privileges||Dataset privileges||Notes|
If your database is configured to use shared ArcSDE log files (the default), additional privileges may be needed. See Log file table configuration options for Informix for more information.
SELECT, INSERT, UPDATE, and DELETE on other users' datasets
If the user will be editing versioned data through a versioned view, the user must also be granted SELECT, INSERT, UPDATE, and DELETE privileges on the versioned view. When you use the Privileges dialog box in ArcGIS to grant the SELECT, INSERT, UPDATE, and DELETE privileges on a versioned feature class, those privileges are automatically granted on the associated versioned view.
Geodatabase administrator (the sde user)
CONNECT on the sysadmin database
To create a geodatabase in an existing database, the geodatabase administrator user (sde) must be granted the EXTEND role and RESOURCE privilege for that database.
To drop connections to the geodatabase, the geodatabase administrator user (sde) user must have CONNECT privilege for the sysadmin database.
To upgrade an existing geodatabase, the sde user must be granted DBA privilege for that database. DBA privilege can be revoked after the geodatabase is upgraded.
Database privileges should be granted and revoked by connecting to the Informix geodatabase as a user with the DBA privilege and executing SQL GRANT and REVOKE statements directly.
Privileges on datasets should be granted or revoked by the dataset owner using the Privileges dialog box or Change Privileges geoprocessing tool in ArcGIS for Desktop. See Grant and revoke dataset privileges for instructions.