This is a brief run-down of the features and ideas you can use to implement database security: Logins, Roles, Users, Aliases and Groups

* sp_addlogin - Creating a login adds a basic authorisation for an account - a username and password - to connect to the server. By default, no access is granted to any individual databases.

* sp_adduser - A user is the addition of an account to a specific database.

* sp_addalias - An alias is a method of allowing an account to use a specific database by impersonating an existing database user or owner.

* sp_addgroup - Groups are collections of users at the database level. Users can be added to groups via the sp_adduser command.

A user can belong to only one group - a serious limitation that Sybase might be addressing soon according to the ISUG enhancements requests. Permissions on objects can be granted or revoked to or from users or groups.

* sp_role - A role is a high-level Sybase authorisation to act in a specific capacity for administration purposes. Refer to the Sybase documentation for details.