Permissions on dbspaces

Only the CREATE permission is supported on dbspaces. The CREATE permission allows a user to create database objects in the specified dbspace. You can grant CREATE permission for a dbspace by executing a GRANT CREATE ON statement. See GRANT statement.

Dbspace permissions behave as follows:

  • A user trying to create a new object with underlying data must have CREATE permission on the dbspace where the data is being placed.

  • Even if a GRANT CREATE ON statement was issued, the user (grantee) must have RESOURCE authority to create new database objects.

  • The current list of objects that can be placed in specific dbspaces, and that require the CREATE permission, includes tables, indexes, text indexes, and materialized views. Note that objects such as normal views and procedures do not have any underlying data and do not require the CREATE permission.

  • A user can be granted the CREATE permission directly, or they can inherit the permission through membership in a group that has been granted the permission.

  • It is possible to grant PUBLIC the CREATE permission on a specific dbspace, in which case any user who also has RESOURCE authority can create objects on the dbspace.

  • A newly-created dbspace automatically grants CREATE permission on itself to PUBLIC.

  • It is possible to revoke permissions, for example when trying to secure a dbspace. Permissions on the internal dbspaces system and temporary can also be managed to control access.

  • Creating local temporary tables does not require any permissions; dbspace permissions do not affect the creation of local temporary tables. However, the creation of global temporary tables requires RESOURCE authority and CREATE permission on the temporary dbspace.

 See also