Resolution
What is the difference between the sqlcqr_admin role and the sqlcqr_dsm_role in VigilEnt Database Security Manager for Sybase?
fact
VigilEnt Database Security Manager for Sybase SR2
fact
VigilEnt Database Security Manager for Sybase 3.0
fact
VigilEnt Database Security Manager for Sybase 3.5 SP3
fix
VigilEnt Database Security Manager (VDSM) for Sybase lets securely delegated database security management to VDSM for Sybase administrators without requiring that these same users have additional, potentially dangerous privileges. You can set up a VDSM for Sybase administrator with no Sybase or Oracle privileges. This means that the administrator may only perform specified actions when logged into the VDSM for Sybase Windows Console. Additionally, VDSM for Sybase administrators can only manage users, not each other. Only a privileged user can manage administrators, privileges, and VDSM for Sybase applications.
The privileges needed to perform VDSM for Sybase administrative tasks are in the role sqlcqr_dsm_role. This role is granted to a proxy user. We recommend that you set up all of your VDSM for Sybase administrators using the default proxy, usually SQLCQR. This makes keeping track of users and roles much easier.
The limited privilege role, sqlcqr_admin, is granted directly to the administrator on the repository only. Sqlcqr_admin is password protected and you cannot enable it outside of VDSM for Sybase. VDSM for Sybase grants this role to the administrator for you. This role is not granted to the administrator on the satellite servers.
VigilEnt Database Security Manager for Sybase keeps a full audit trail on all administrative actions. The VDSM for Sybase audit records list which administrator, not just which proxy user, performed any administrative actions.