Roles simplify access to the database by associating subject privileges and permissions with an application. Roles can be created with the option of an additional password. For more information, see Groups and Roles.

For each valid Actian Data Platform user, a user object must be created in the Actian Data Platform User Management database (iidbdb). The user object specifies the user name, default group, default profile, subject privileges, and other attributes. For more information, see Manage Users.

Groups simplify managing permissions because individual users can be added or removed from groups as required. Being a member of a group does not automatically give the user the permissions granted to the group. The user must have the group specified as its default group or specify the group name in the session startup. For more information, see Groups and Roles.

Granting permissions on objects to PUBLIC allows any user, group, or role access to those objects. The use of grants to PUBLIC should be limited. For more information, see Working with Grants.