User Type | Who creates them and the privileges that they have | Privileges they can and cannot grant, and users that they can create |
---|---|---|
zone creators | A Vantage user who has the following rights with the WITH GRANT privilege may explicitly grant the following privileges to zone creators:
|
Zone creators cannot grant any privileges to zone users. Zone creators can create zone guests from users or roles that were previously created outside the zone. |
primary zone DBA | The zone creator either:
|
The primary DBA can do the following:
|
zone user (includes the primary DBA) | A primary DBA or any previously created zone user creates other users in a zone under the hierarchy of zone root, using the existing CREATE USER syntax. | Zone users can create zone users, databases, and TVM objects using existing DDL syntax. Only zone users can grant privileges on database objects in a zone to zone guests. No privileges can be granted to a zone guest with the WITH GRANT OPTION privilege. |
zone guest | The zone creator creates zone guests using the GRANT ZONE syntax. A zone guest cannot access zone objects unless a zone user explicitly grants them privileges to create objects or grants them privileges to access existing objects in the zone where they are guests. |
Zone guests with the required privileges can do the following:
|