Database object privileges

Privileges can be granted explicitly on most user-visible objects in a Vertica database, such as tables and models.

Privileges can be granted explicitly on most user-visible objects in a Vertica database, such as tables and models. For some objects such as projections, privileges are implicitly derived from other objects.

Explicitly granted privileges

The following table provides an overview of privileges that can be explicitly granted on Vertica database objects:

Database Object Privileges
ALTER DROP CREATE DELETE EXECUTE INSERT READ REFERENCES SELECT TEMP TRUNCATE UPDATE USAGE WRITE
Database
Schema ! ! ! ! ! ! ! !
Table
View
Sequence
Procedure
User-defined function
Model
Library
Resource Pool
Storage Location
TLS Configuration

Implicitly granted privileges

Metadata privileges

Superusers have unrestricted access to all database metadata. For non-superusers, access to the metadata of specific objects depends on their privileges on those objects:

Metadata User access

Catalog objects:

  • Tables

  • Columns

  • Constraints

  • Sequences

  • External procedures

  • Projections

  • ROS containers

Users must possess USAGE privilege on the schema and any type of access (SELECT) or modify privilege on the object to see catalog metadata about the object.

For internal objects such as projections and ROS containers, which have no access privileges directly associated with them, you must have the requisite privileges on the associated schema and tables to view their metadata. For example, to determine whether a table has any projection data, you must have USAGE on the table schema and SELECT on the table.

User sessions and functions, and system tables related to these sessions

Non-superusers can access information about their own (current) sessions only, using the following functions:

Projection privileges

Projections, which store table data, do not have an owner or privileges directly associated with them. Instead, the privileges to create, access, or alter a projection are derived from the privileges that are set on its anchor tables and respective schemas.