Who can run Database Designer

Two types of users can use Database Designer to create an optimal database design.

1: Granting and enabling the DBDUSER role

1.1: Allowing the DBDUSER to run Database Designer using Management Console
1.2: Allowing the DBDUSER to run Database Designer programmatically

2: DBDUSER capabilities and limitations

Two types of users can use Database Designer to create an optimal database design. DBADMIN users, and users with the DBDUSER role. The topics in this section describe how DBDUSERs can use Database Designer.

1 - Granting and enabling the DBDUSER role

For a non-DBADMIN user to be able to run Database Designer using Management Console, follow the steps described in Allowing the DBDUSER to Run Database Designer Using Management Console.

For a non-DBADMIN user to be able to run Database Designer using Management Console, follow the steps described in Allowing the DBDUSER to run Database Designer using Management Console.

For a non-DBADMIN user to be able to run Database Designer programmatically, following the steps described in Allowing the DBDUSER to run Database Designer programmatically.

Important

When you grant the DBDUSER role, make sure to associate a resource pool with that user to manage resources during Database Designer runs. (For instructions about how to associate a resource pool with a user, see User profiles.)

Multiple users can run Database Designer concurrently without interfering with each other or using up all the cluster resources. When a user runs Database Designer, either using the Management Console or programmatically, its execution is mostly contained by the user's resource pool, but may spill over into system resource pools for less-intensive tasks.

1.1 - Allowing the DBDUSER to run Database Designer using Management Console

To allow a user with the DBDUSER role to run Database Designer using Management Console, you must create the user on the Vertica server.

As DBADMIN, take these steps on the server:

Add a temporary folder to all cluster nodes.

=> CREATE LOCATION '/tmp/dbd' ALL NODES;

Create the user who needs access to Database Designer.
```
=> CREATE USER new_user;
```
Grant the user the privilege to create schemas on the database for which they want to create a design.
```
=> GRANT CREATE ON DATABASE new_database TO new_user;
```
Grant the DBDUSER role to the new user.
```
=> GRANT DBDUSER TO new_user;
```
On all nodes in the cluster, grant the user access to the temporary folder.
```
=> GRANT ALL ON LOCATION '/tmp/dbd' TO new_user;
```

Grant the new user access to the database schema and its tables.

=> GRANT ALL ON SCHEMA user_schema TO new_user;
=> GRANT ALL ON ALL TABLES IN SCHEMA user_schema TO new_user;

After you have completed this task, map the MC user to new_user:

Log in to Management Console as an MC Super user.
Click MC Settings.
Click User Management.
To create a new MC user, click Add.To use an existing MC user, select the user and click Edit.
Next to the DB access level window, click Add.
In the Add Permissions window, do the following:
1. From the Choose a database drop-down list, select the database for which you want the user to be able to create a design.
2. In the Database username field, enter the user name you created on the Vertica server, new_user in this example.
3. In the Database password field, enter the database password.
4. In the Restrict access drop-down list, select the level of MC user you want for this user.
Click OK to save your changes.
Log out of the MC Super user account.

The MC user is now mapped to the user that you created on the Vertica server. Log in as the MC user and use Database Designer to create an optimized design for your database.

For more information about MC users, see Users in Management Console.

1.2 - Allowing the DBDUSER to run Database Designer programmatically

To allow a user with the DBDUSER role to run Database Designer programmatically, take these steps:.

To allow a user with the DBDUSER role to run Database Designer programmatically, take these steps:

The DBADMIN user must grant the DBDUSER role:
```
=> GRANT DBDUSER TO <username>;
```
This role persists until the DBADMIN user revokes it.
For a non-DBADMIN user to run the Database Designer programmatically or using Management Console, one of the following two steps must happen first:
- If the user's default role is already DBDUSER, skip this step. Otherwise, The user must enable the DBDUSER role:
```
=> SET ROLE DBDUSER;
```
- The DBADMIN must add DBDUSER as the default role for that user:
```
=> ALTER USER  DEFAULT ROLE DBDUSER;
```

2 - DBDUSER capabilities and limitations

The DBDUSER role has the following capabilities and limitations:.

The DBDUSER role has the following capabilities and limitations:

A DBDUSER cannot create a design with a K-safety less than the system K-safety. If the designs violate the current K-safety by not having enough buddy projections for the tables, the design does not complete.
A DBDUSER cannot explicitly change the ancient history mark (AHM), even during deployment of their design.

When you create a design, you automatically have privileges to manipulate that design. Other tasks may require that the DBDUSER have additional privileges:

To...	DBDUSER must have...
Submit design tables	USAGE privilege on the design table schema OWNER privilege on the design table
Submit a single design query	Privilege to execute the design query
Submit a file of design queries	Read privilege on the storage location that contains the query file Privilege to execute all the queries in the file
Submit design queries from the result of a user query	Privilege to execute the user query Privilege to execute each design query retrieved from the results of the user query
Create the design and deployment scripts	WRITE privilege on the storage location of the design script WRITE privilege on the storage location of the deployment script