CREATE GROUP

Use the CREATE GROUP command to create a group with additional clauses for history and security characteristics.

Synopsis

Syntax for creating a security group:
CREATE GROUP <group-name> [WITH] [<create_group_clause>]...
<create_group_clause> ::=
             ROWSETLIMIT <limit>
        |   SESSIONTIMEOUT <limit>
        |   QUERYTIMEOUT <limit>
        |   DEFPRIORITY <priority_type>
        |   MAXPRIORITY <priority_type>
        |   SYSID <id-number>
        |   RESOURCELIMIT <percent>
        |   [ADD] USER { <user-name> },...
        |   COLLECT HISTORY { ON | OFF | DEFAULT }
        |   CONCURRENT SESSIONS <limit>
        |   ALLOW CROSS JOIN [TRUE|FALSE|NULL]
        |   ACCESS TIME { ALL | DEFAULT | ( <access-time>,... )
            <access-time> ::= DAY { ALL | <day>, ... } [ <time-bound> ]
            <time-bound>  ::= START <time-literal> END <time-literal> ]

Inputs

The CREATE GROUP command has the following additional inputs:
Table 1. CREATE GROUP inputs
Input Description
COLLECT HISTORY [ ON | OFF | DEFAULT ] Determines whether this session of a group collects history. ON indicates that history is collected for this group when connected to a database that also has COLLECT HISTORY ON. OFF indicates that history is not collected for this group. DEFAULT means to examine groups this group is a member of to determine whether to collect history. If any group has COLLECT HISTORY ON, then history is collected when connected to a database that also has COLLECT HISTORY ON. If no group has COLLECT HISTORY ON, but a group has COLLECT HISTORY OFF, then no history is collected. If all groups have DEFAULT history collection, the history is collected. DEFAULT is the default for a group, if the COLLECT HISTORY clause is not specified.
CONCURRENT SESSIONS <limit> Sets the maximum number of concurrent sessions this group can have. A value of 0 means no limit to the number of concurrent sessions, unless a limit is imposed by a group of which this group is a member. In that case, the minimum limit of concurrent sessions across all such groups is used.
ALLOW CROSS JOIN [TRUE | FALSE | NULL] Sets user or group permission to allow explicit cross joins. If NULL is defined for a user, the system checks against the group permission, and takes the lowest non-null value, where FALSE is lower than TRUE.

This setting involves a system-wide change, so notify all affected users before making this change.

ACCESS TIME ALL Indicates that this group can start sessions on the Netezza Performance Server system at any time on any day.
ACCESS TIME DEFAULT If the group has no access time restrictions, then a user can start sessions at any time on any day. The access time restriction is evaluated for every group that has one. If any group restricts access, the user cannot create a session. That is, the most restrictive access policy is applied.
access-time Specifies one access time subclause; several can be specified. An access time subclause defines one or more days by the standard SQL day number (1 = Sunday, 7 = Saturday). The keyword ALL can be use to specify all days of the week; it is equivalent to 1,2,3,4,5,6,7. An access time subclause optionally contains one time bound. If no time bound is specified, then the group can create a session at any time on the specified day.
time-bound Specifies a time range from a start time to an end time. The times can be specified as any valid SQL time literal. It is possible to repeat the same day specification multiple times with different time bounds.

Outputs

The CREATE GROUP command has the following output:
Table 2. CREATE GROUP output
Output Description
ERROR: permission denied. You must have Manage Security privilege to set the security label audit category or history collection for a group.

Description

For details about all the options of the CREATE GROUP command, see theIBM® Netezza® Database User’s Guide. The CREATE GROUP command has the following characteristics:
Privileges required
You must have Manage Security privilege to create a group with additional clauses.
Common tasks
Use the CREATE GROUP command to create a group with additional clauses.

Usage

The following provides sample usage:
CREATE GROUP FLIGHT;