Manage user account privileges

Before you create your UDXs, make sure that you familiarize yourself with the required account privileges necessary to create and manage these objects.

The admin user has privilege to manage and execute UDXs. In addition, the owner (that is, the user who created the UDF, UDA, or user-defined shared library) has privilege to manage and execute the objects that the user creates.

The database owner also has full privileges on all the objects, including UDXs, in the database. For systems that support multiple schemas, the schema owner has full privileges on all the objects, including UDXs, in the schema.

As the admin or any user who has account management privileges, you can grant other users privilege to register, manage, or execute the user-defined functions and aggregates on a Netezza Performance Server system. You can assign privileges by using the NPS Web Console privilege support interface or by using the GRANT and REVOKE Netezza Performance Server SQL commands.

If you use Netezza Performance Server SQL commands to manage account permissions, the database to which you are connected has meaning when you run the GRANT command. If you are connected to the SYSTEM database, the privilege applies to all databases. If you are connected to a specific database, the privilege applies only within that database.

You can use a fully qualified object notation to set the scope of object privileges from any database. The fully qualified object notation has the format database. schema.object, where:

  • database is a specific database name or the keyword ALL to grant the privilege across all databases.
  • schema is a specific schema name or the keyword ALL for all schemas in the specified database value.
  • object is a class such as FUNCTION, AGGREGATE, or LIBRARY to manage all objects of that class type, or a full signature such as customer(VARCHAR(20)).

Make sure that you specify the correct signature including the sizes for numeric and string datatypes, otherwise you receive an error similar to the following message:

Error:  GrantAggregate: existing UDX name(argument type list) differs 
in size of string/numeric arguments
You can use a similar format to set the scope of administrative privileges from any database. The scope notation has the format IN database.schema, where:
  • database is a specific database name or the keyword ALL to grant the privilege across all databases. You can omit a database name.
  • schema is a specific schema name or the keyword ALL for all schemas in the specified database. If you omit the database name, the scope is for ALL schemas or all the schemas of the specified name.