Privileges determine what someone is authorized to do with the data and the database. Privileges should be assigned based on the type of work the person does within the organization. Is this person involved with administration of the geodatabase? Does he or she need to edit or create data? Or would this person only need to query the data?
User privileges are set at different levels. This topic describes the required database and dataset privileges for common types of users: data viewers, data editors, data creators, and the geodatabase administrator.
If your users do more than view and issue simple SELECT statements, they need RESOURCE privileges in the Informix database. Resource-level privileges allow the user to do the following:
- Connect to the database.
- Execute SELECT, INSERT, UPDATE, and DELETE statements, provided the user has the necessary table-level privileges.
- Create views, provided the user has the SELECT privilege on the underlying tables.
- Create synonyms.
- Create temporary tables and indexes on them.
- Alter or drop a table or index, provided the user has the necessary table-level privileges.
- Grant table-level privileges.
- Create tables.
- Create indexes.
- Create routines.
- Create data types.
You can use the SQL GRANT statement to grant the RESOURCE privilege to the geodatabase administrator and other users as appropriate. Additional database privileges should be granted and revoked by connecting to the Informix geodatabase as a user with the DBA privilege and executing SQL GRANT and REVOKE statements directly.
Privileges on datasets in geodatabases should be granted or revoked using ArcGIS clients and must be done by the dataset owner.
Type of user | Database privileges | Dataset privileges | Notes |
---|---|---|---|
Data viewer | CONNECT | SELECT on other users' datasets | If your database is configured to use shared ArcSDE log files (the default), additional privileges may be needed. See Log file table configuration options for Informix for more information. |
Data editor | RESOURCE | SELECT, INSERT, UPDATE, and DELETE on datasets owned by other users. | When you use ArcGIS to grant the SELECT, INSERT, UPDATE, and DELETE privileges on a feature class or table registered for traditional versioning, those privileges are automatically granted on the associated versioned view. These privileges are required for the user to edit using SQL and a versioned view. |
Data creator | RESOURCE | | |
Geodatabase administrator (the sde user) | RESOURCE; EXTEND role; CONNECT on the sysadmin database | | To create a geodatabase in an existing database, the geodatabase administrator user (sde) must be granted the EXTEND role and RESOURCE privilege for that database. To drop connections to the geodatabase, the geodatabase administrator user (sde) must have CONNECT privilege for the sysadmin database. To upgrade an existing geodatabase, the sde user must be granted DBA privilege for that database. DBA privilege can be revoked after the geodatabase is upgraded. |
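
The database-level grants from the table above, written as the statements a DBA would run in dbaccess. This is an added example, not part of the original documentation; the database name gisdb and the logins gis_viewer, gis_editor, and gis_creator are hypothetical, and sde is the geodatabase administrator named in the table.

```sql
-- Added example. gisdb, gis_viewer, gis_editor and gis_creator are
-- hypothetical names; sde is the geodatabase administrator from the table.
-- Run as a user with the DBA privilege on each database. GRANT EXTEND is
-- reserved to the database server administrator (user informix by default).

DATABASE gisdb;

-- Data viewer: CONNECT only. SELECT on individual datasets is granted
-- separately by each dataset owner through an ArcGIS client.
GRANT CONNECT TO gis_viewer;

-- Data editor and data creator: RESOURCE at the database level.
-- The editor's INSERT/UPDATE/DELETE on other users' datasets is again
-- granted by the dataset owner through ArcGIS, not in this script.
GRANT RESOURCE TO gis_editor;
GRANT RESOURCE TO gis_creator;

-- Geodatabase administrator: RESOURCE plus the EXTEND role, both needed
-- before sde can create a geodatabase in this database.
GRANT RESOURCE TO sde;
GRANT EXTEND TO sde;

-- CONNECT on the sysadmin database lets sde drop geodatabase connections.
DATABASE sysadmin;
GRANT CONNECT TO sde;

-- Upgrade window only: raise sde to DBA, run the geodatabase upgrade,
-- then take DBA away again so the account does not keep it permanently.
DATABASE gisdb;
GRANT DBA TO sde;
-- ... run the geodatabase upgrade from ArcGIS here ...
REVOKE DBA FROM sde;
-- Informix leaves a user with only CONNECT after DBA is revoked,
-- so restore the RESOURCE privilege sde needs day to day.
GRANT RESOURCE TO sde;

-- Audit: list database-level privileges. usertype is C (CONNECT),
-- R (RESOURCE) or D (DBA); after the upgrade no GIS login should show D.
SELECT username, usertype
  FROM sysusers
 ORDER BY username;
```

Running the final query after every upgrade is a quick check that the temporary DBA grant on sde was actually removed.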