Database object privileges

Privileges can be granted explicitly on most user-visible objects in a Vertica database, such as tables and models.

Privileges can be granted explicitly on most user-visible objects in a Vertica database, such as tables and models. For some objects such as projections, privileges are implicitly derived from other objects.

Explicitly granted privileges

The following table provides an overview of privileges that can be explicitly granted on Vertica database objects:

Database Object	Privileges
Database Object	ALTER	DROP	CREATE	DELETE	EXECUTE	INSERT	READ	REFERENCES	SELECT	TEMP	TRUNCATE	UPDATE	USAGE	WRITE
Database			•							•
Schema	!	!	•	!		!		!	!		!	!	•
Table	•	•		•		•		•	•		•	•
View	•	•							•
Sequence	•	•							•
Procedure					•
User-defined function	•	•			•
Model	•	•											•
Library													•
Resource Pool													•
Storage Location							•							•
Key	•	•												•
TLS Configuration	•

Implicitly granted privileges

Metadata privileges

Superusers have unrestricted access to all non-cryptographic database metadata. For non-superusers, access to the metadata of specific objects depends on their privileges on those objects:

Metadata	User access
Catalog objects: Tables Columns Constraints Sequences External procedures Projections ROS containers	Users must possess USAGE privilege on the schema and any type of access (SELECT) or modify privilege on the object to see catalog metadata about the object. For internal objects such as projections and ROS containers, which have no access privileges directly associated with them, you must have the requisite privileges on the associated schema and tables to view their metadata. For example, to determine whether a table has any projection data, you must have USAGE on the table schema and SELECT on the table.
User sessions and functions, and system tables related to these sessions	Non-superusers can access information about their own (current) sessions only, using the following functions: CURRENT_DATABASE CURRENT_SCHEMA CURRENT_USER / SESSION_USER HAS_TABLE_PRIVILEGE

Metadata

User access

Catalog objects:

Tables
Columns
Constraints
Sequences
External procedures
Projections
ROS containers

Users must possess USAGE privilege on the schema and any type of access (SELECT) or modify privilege on the object to see catalog metadata about the object.

For internal objects such as projections and ROS containers, which have no access privileges directly associated with them, you must have the requisite privileges on the associated schema and tables to view their metadata. For example, to determine whether a table has any projection data, you must have USAGE on the table schema and SELECT on the table.

User sessions and functions, and system tables related to these sessions

Non-superusers can access information about their own (current) sessions only, using the following functions:

Projection privileges

Projections, which store table data, do not have an owner or privileges directly associated with them. Instead, the privileges to create, access, or alter a projection are derived from the privileges that are set on its anchor tables and respective schemas.

Cryptographic privileges

Unless they have ownership, superusers only have implicit DROP privileges on keys, certificates, and TLS Configurations. This allows superusers to see the existence of these objects in their respective system tables (CRYPTOGRAPHIC_KEYS, CERTIFICATES, and TLS_CONFIGURATIONS) and DROP them, but does not allow them to see the key or certificate texts.

For details on granting additional privileges, see GRANT (key) and GRANT (TLS configuration).