Privileges for Running Database Designer Functions

Non-DBADMIN users with the DBDUSER role can run Database Designer functions. Two steps are required to enable users to run these functions:

  1. A DBADMIN or superuser grants the user the DBDUSER role:

    => GRANT DBDUSER TO username;

    This role persists until the DBADMIN revokes it.

  2. Before the DBDUSER can run Database Designer functions, one of the following must occur:

    • The user enables the DBDUSER role:

      => SET ROLE DBDUSER;
    • The superuser sets the user's default role to DBDUSER:

      => ALTER USER username DEFAULT ROLE DBDUSER;

General DBDUSER Limitations

As a DBDUSER, the following restrictions apply:

  • You can set a design's K-safety to a value less than or equal to system K-safety. You cannot change system K-safety.
  • You cannot explicitly change the ancient history mark (AHM), even during design deployment.

Design Dependencies and Privileges

Individual design tasks are likely to have dependencies that require specific privileges:

Task Required privileges

Add tables to a design

  • USAGE privilege on the design table schema
  • OWNER privilege on the design table

Add a single design query to the design

  • Privilege to execute the design query

Add a query file to the design

  • Read privilege on the storage location that contains the query file
  • Privilege to execute all the queries in the file

Add queries from the result of a user query to the design

  • Privilege to execute the user query
  • Privilege to execute each design query retrieved from the results of the user query

Create design and deployment scripts

  • WRITE privilege on the storage location of the design script
  • WRITE privilege on the storage location of the deployment script