Managing Database Users

Creating database users (or roles) is the main mechanism for managing database security. After creating users, you can set up access control by granting or revoking privileges on databases, schemas, tables, columns, and stored procedures. See the following SQL commands:

You can also create views on tables as a means of access control. For example, you can create a view on a table that projects only certain columns, then you can give roles access to the view but not the table.

In ybsql, use the \du command to see the current list of database users and roles. You can also query the sys.user and sys.role views.

For information about managing users and roles via an LDAP server, see LDAP Integration.