Database roles are conceptually completely separate from operating system users. In practice it might be convenient to maintain a correspondence, but this is not required. Database roles are global across a database cluster installation (and not per individual database). Every connection to the database server is made in the name of some particular role, and this role determines the initial access privileges for commands issued on that connection. The role name to use for a particular database connection is indicated by the client that is initiating the connection request in an application-specific fashion. Since the role identity determines the set of privileges available to a connected client, it is important to carefully configure this when setting up a multiuser environment. To create a Role and set all the Role properties use the Role Manager. This tool allows you to add, modify, and remove Roles. After you have created database Roles, you may specify owners for any diagram object using appropriate object editor. See also: |