CREATE GROUP
Use the CREATE GROUP command to create a group with additional clauses for history and security characteristics.
Synopsis
Syntax for creating a security
group:
CREATE GROUP <group-name> [WITH] [<create_group_clause>]...
<create_group_clause> ::=
ROWSETLIMIT <limit>
| SESSIONTIMEOUT <limit>
| QUERYTIMEOUT <limit>
| DEFPRIORITY <priority_type>
| MAXPRIORITY <priority_type>
| SYSID <id-number>
| RESOURCELIMIT <percent>
| [ADD] USER { <user-name> },...
| COLLECT HISTORY { ON | OFF | DEFAULT }
| CONCURRENT SESSIONS <limit>
| ALLOW CROSS JOIN [TRUE|FALSE|NULL]
| ACCESS TIME { ALL | DEFAULT | ( <access-time>,... )
<access-time> ::= DAY { ALL | <day>, ... } [ <time-bound> ]
<time-bound> ::= START <time-literal> END <time-literal> ]
Inputs
The CREATE GROUP command has the
following additional inputs:
Input | Description |
---|---|
COLLECT HISTORY [ ON | OFF | DEFAULT ] | Determines whether this session of a group collects history. ON indicates that history is collected for this group when connected to a database that also has COLLECT HISTORY ON. OFF indicates that history is not collected for this group. DEFAULT means to examine groups this group is a member of to determine whether to collect history. If any group has COLLECT HISTORY ON, then history is collected when connected to a database that also has COLLECT HISTORY ON. If no group has COLLECT HISTORY ON, but a group has COLLECT HISTORY OFF, then no history is collected. If all groups have DEFAULT history collection, the history is collected. DEFAULT is the default for a group, if the COLLECT HISTORY clause is not specified. |
CONCURRENT SESSIONS <limit> | Sets the maximum number of concurrent sessions this group can have. A value of 0 means no limit to the number of concurrent sessions, unless a limit is imposed by a group of which this group is a member. In that case, the minimum limit of concurrent sessions across all such groups is used. |
ALLOW CROSS JOIN [TRUE | FALSE | NULL] | Sets user or group permission to allow explicit cross joins.
If NULL is defined for a user, the system checks against the group
permission, and takes the lowest non-null value, where FALSE is lower
than TRUE. This setting involves a system-wide change, so notify all affected users before making this change. |
ACCESS TIME ALL | Indicates that this group can start sessions on the Netezza Performance Server system at any time on any day. |
ACCESS TIME DEFAULT | If the group has no access time restrictions, then a user can start sessions at any time on any day. The access time restriction is evaluated for every group that has one. If any group restricts access, the user cannot create a session. That is, the most restrictive access policy is applied. |
access-time | Specifies one access time subclause; several can be specified. An access time subclause defines one or more days by the standard SQL day number (1 = Sunday, 7 = Saturday). The keyword ALL can be use to specify all days of the week; it is equivalent to 1,2,3,4,5,6,7. An access time subclause optionally contains one time bound. If no time bound is specified, then the group can create a session at any time on the specified day. |
time-bound | Specifies a time range from a start time to an end time. The times can be specified as any valid SQL time literal. It is possible to repeat the same day specification multiple times with different time bounds. |
Outputs
The CREATE GROUP command has the
following output:
Output | Description |
---|---|
ERROR: permission denied. | You must have Manage Security privilege to set the security label audit category or history collection for a group. |
Description
For details about all the options
of the CREATE GROUP command, see theIBM® Netezza® Database User’s Guide.
The CREATE GROUP command has the following characteristics:
- Privileges required
- You must have Manage Security privilege to create a group with additional clauses.
- Common tasks
- Use the CREATE GROUP command to create a group with additional clauses.
Usage
The following provides sample usage:
CREATE GROUP FLIGHT;