|User Type||Who creates them and the privileges that they have||Privileges they can and cannot grant, and users that they can create|
|zone creators||A Vantage user who has the following rights with the WITH GRANT privilege may explicitly grant the following privileges to zone creators:
||Zone creators cannot grant any privileges to zone users.
Zone creators can create zone guests from users or roles that were previously created outside the zone.
|primary zone DBA||The zone creator either:
||The primary DBA can do the following:
|zone user (includes the primary DBA)||A primary DBA or any previously created zone user creates other users in a zone under the hierarchy of zone root, using the existing CREATE USER syntax.||Zone users can create zone users, databases, and TVM objects using existing DDL syntax.
Only zone users can grant privileges on database objects in a zone to zone guests. No privileges can be granted to a zone guest with the WITH GRANT OPTION privilege.
|zone guest||The zone creator creates zone guests using the GRANT ZONE syntax.
A zone guest cannot access zone objects unless a zone user explicitly grants them privileges to create objects or grants them privileges to access existing objects in the zone where they are guests.
|Zone guests with the required privileges can do the following: