Administrator privileges

Administrator privileges give users and groups permission to execute global operations and to create objects.

When you grant a privilege, the user you grant the privilege to cannot pass that privilege onto another user by default. If you want to allow the user to grant the privilege to another user, include the WITH GRANT OPTION when you grant the privilege.

The following table describes the administrator privileges. The words in brackets are optional.
Table 1. Administrator privileges
Privilege Description
Backup Allows the user to perform backups. The user can run the nzbackup command.
[Create] Aggregate Allows the user to create user-defined aggregates (UDAs) and to operate on existing UDAs.
[Create] Database Allows the user to create databases. Permission to operate on existing databases is controlled by object privileges.
[Create] External Table Allows the user to create external tables. Permission to operate on existing tables is controlled by object privileges.
[Create] Function Allows the user to create user-defined functions (UDFs) and to operate on existing UDFs.
[Create] Group Allows the user to create groups and roles. Permission to operate on existing groups and roles is controlled by object privileges.
[Create] Library Allows the user to create user-defined shared libraries. Permission to operate on existing shared libraries.
[Create] Materialized View Allows the user to create materialized views.
[Create] Procedure Allows the user to create stored procedures.
[Create] Scheduler Rule Allows the user to create scheduler rules and to show, drop, alter, or set (deactivate or reactivate) any rule, regardless of who created or owns it.
[Create] Sequence Allows the user to create database sequences.
[Create] Synonym Allows the user to create synonyms.
[Create] Table Allows the user to create tables. Permission to operate on existing tables is controlled by object privileges.
[Create] Temp Table Allows the user to create temporary tables. Permission to operate on existing tables is controlled by object privileges.
[Create] User Allows the user to create users. Permission to operate on existing users is controlled by object privileges.
[Create] View Allows the user to create views. Permission to operate on existing views is controlled by object privileges.
[Manage] Hardware Allows the user to do the following hardware-related operations: view hardware status, manage SPUs, manage topology and mirroring, and run diagnostic tests. The user can run the nzds and nzhw commands.
[Manage] Security Allows the user to run commands and operations that relate to the following advanced security options such as: managing and configuring history databases; managing multi-level security objects and specifying security for users and groups; managing database key stores and keys and key stores for the digital signing of audit data.
[Manage] System Allows the user to do the following management operations: start, stop, pause, or resume the system, abort sessions, and view the distribution map, system statistics, logs, and plan files from active query or query history lists. The user can use the following commands: nzsystem, nzstate, nzstats, and nzsession priority.
Restore Allows the user to restore the system. The user can run the nzrestore command.
Unfence Allows the user to create an unfenced user-defined function (UDF) or user-defined aggregate (UDA), or to unfence an existing fenced UDF or UDA if the user has permission to create or alter it. For more information, see the IBM® Netezza® User-Defined Functions Developer's Guide.