Tenant administration authority (TENANTADM)

TENANTADM authority is the administrative authority for a specific tenant. The tenant administrator has the required privilege to create and manage objects in a tenant.

TENANTDM authority can only be granted or revoked by a user holding database SECADM or database ACCESSCTRL authority or tenant ACCESSCTRL authority. It can be granted to a user, a group, or a role. However, it cannot be granted with grant option or be granted on any tenant whose name begins with the "SYS". Additionally, PUBLIC cannot obtain the TENANTADM authority directly or indirectly through a role.

Having the TENANTADM authority on a tenant gives a user the following privileges on that tenant:

• Create, alter, and drop non-security related tenant objects
• Reorganize indexes/tables in the tenant
• Use RUNSTATS utility on tables defined in the tenant
• Bind privilege on packages defined in the tenant
• Tenant LOAD authority

The authority is the subset of the database DBADM authority with its scope limited only to the tenant on which it is granted.