MC Database Privileges

When you create MC users, you first assign them MC configuration privileges, which controls what they can do on the MC itself. In the same user-creation operation, you grant access to one or more MC-managed databases. MC database access does not give the MC user privileges directly on Vertica; it provides MC users varying levels of access to assigned database functionality through the MC interface.

Assign users an MC database level through one of the following roles:

  • ADMIN Role (db)—Full access to all databases managed by MC. Actual privileges ADMINs inherit depend on the database user account used to create or import the Vertica database into the MC interface.
  • Associate Role (Database)—Full access to all databases managed by MC. Cannot start, stop, or drop a database. Actual privileges that Associates receive depend on those defined for the database user account to which the Associate user is mapped.
  • IT Role (db)—Can start and stop a database but cannot remove it from the MC interface or drop it.
  • USER Role (db)—Can view database information through the database Overview and Activities pages but is restricted from viewing more detailed data.

Mapping MC Users to Database to Avoid Conflicts

When you assign an MC database level to an MC user, map the MC user account to a database user account to ensure that:

  • The MC user inherits the privileges assigned to that database user
  • You prevent the MC user from doing or seeing anything not allowed by the privileges for the user account on the server database

Privileges assigned to the database user supersede privileges of the MC user if there is a conflict, such as stopping a database. When the MC user logs into MC using an MC user name and password, Vertica compares privileges for database-related activities to the privileges on the database account to which you mapped the MC user. Vertica allows the user to perform operations in MC only when that user has both MC privileges and corresponding database privileges.

As a best practice, you should identify, in advance, the appropriate Vertica database user account that has privileges or roles similar to one of the MC database roles.

See Creating an MC User for more information.

MC Database Privileges By Role

The following table summarizes MC database-level privileges by user role. The table shows the default privileges each role has. Operations marked "database user privilege" are dependent on the privileges of the Vertica database user account to which the MC user is mapped.

Default database-level privileges ADMIN ASSOCIATE IT USER

View database Overview page

Yes

Yes

Yes

Yes

View database messages

Yes

Yes Yes

Yes

Delete messages and mark read/unread

Yes

Yes

Yes

Audit and install Vertica licenses Database user privilege Database user privilege    

View database Activity page:

  • Queries chart
  • Internal Sessions chart
  • User Sessions chart
  • System Bottlenecks chart
  • User Query Phases chart

Yes

Database user privilege

Database user privilege

Database user privilege

View database Activity page:

  • Queries chart > Detail page
  • Table Treemap chart
  • Query Monitoring chart
  • Resource Pools Monitoring chart
Database user privilege Database user privilege    

Start a database

Yes

 
Rebalance, stop, or drop databases Database user privilege      

View Manage page

Yes

Yes

Yes

Yes

View node details

Yes

Yes

Yes

Replace, add, or remove nodes Database user privilege      

Start/stop a node

Yes

 
View database Settings page Yes Yes Yes  
Modify database Settings page Database user privilege Database user privilege    
View Database Designer Database user privilege Database user privilege