Privileges for running Database Designer functions

Non-DBADMIN users with the DBDUSER role can run Database Designer functions.

Non-DBADMIN users with the DBDUSER role can run Database Designer functions. Two steps are required to enable users to run these functions:

A DBADMIN or superuser grants the user the DBDUSER role:
```
=> GRANT DBDUSER TO username;
```
This role persists until the DBADMIN revokes it.
Before the DBDUSER can run Database Designer functions, one of the following must occur:
- The user enables the DBDUSER role:
```
=> SET ROLE DBDUSER;
```
- The superuser sets the user's default role to DBDUSER:
```
=> ALTER USER username DEFAULT ROLE DBDUSER;
```

General DBDUSER limitations

As a DBDUSER, the following restrictions apply:

You can set a design's K-safety to a value less than or equal to system K-safety. You cannot change system K-safety.
You cannot explicitly change the ancient history mark (AHM), even during design deployment.

Individual design tasks are likely to have dependencies that require specific privileges:

Task	Required privileges
Add tables to a design	USAGE privilege on the design table schema OWNER privilege on the design table
Add a single design query to the design	Privilege to execute the design query
Add a query file to the design	Read privilege on the storage location that contains the query file Privilege to execute all the queries in the file
Add queries from the result of a user query to the design	Privilege to execute the user query Privilege to execute each design query retrieved from the results of the user query
Create design and deployment scripts	WRITE privilege on the storage location of the design script WRITE privilege on the storage location of the deployment script