SQL Anywhere Studio Security Guide
Restrictions and Other Security Concerns
This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.
Since the engine does not generally allow you to revoke DBA authority from a user while that user is connected to the database, the easiest way to revoke DBA authority is simply to wait until the user has disconnected, and then issue a REVOKE DBA statement.
However, it may be necessary to immediately revoke DBA authority from a user who is currently connected to the database, before the user has a chance to do anything else. Assume for this example you are trying to revoke DBA authority from user fred.
To revoke DBA authority from a connected user
Connect to the same database as a different user with DBA authority.
For example, use a user ID other than fred.
Disable connections to the server by executing the following statement:
CALL sa_server_option('disable_connections', 'ON')
This prevents fred from connecting again once his existing connections have been dropped.
List all the connections to the database by executing the following statement:
CALL sa_conn_info( )
Write down the value of the Number column for each row containing fred in the Userid column.
For each connection number you wrote down in step 4, execute the following statement:
DROP CONNECTION number
This immediately drops each connection, rolling back any uncommitted transactions. Note that any transactions committed by fred, as well as any DDLs executed by fred before the DROP statement was executed, are not rolled back and must be manually undone.
Execute the following SQL statement:
REVOKE DBA FROM fred
Re-enable connections to the server by executing the following statement:
CALL sa_server_option('disable_connections', 'OFF')