Required privileges
To work the analytics models and their metadata, you must have the required privileges. Privileges can be granted or revoked similar to the existing database privileges. Additionally, analytics models have an owner.
When a model privilege is granted or revoked, it is granted or revoked for all model components. When a stored procedure for a model is executed, the procedure checks the privileges for the model components and the user authorities.
There are two types of privileges, administrator privileges and object privileges. Administrator privileges are not bound to a specific model; object privileges are bound to a specific model.
- The CREATE privilege is automatically granted to every user who is enabled for working with analytic stored procedures.
- To grant a SELECT privilege or a CONTROL privilege for a model, use the GRANT_MODEL stored procedure.
- To revoke a SELECT privilege or a CONTROL privilege for a model, use the REVOKE_MODEL stored procedure.
The following table shows the privileges that are required for analytics models:
| Privilege | Type | Description |
|---|---|---|
| CREATE | Administrator | To create an analytics model |
| SELECT | Object | To display a model and its properties |
| Object | To read the tables and views of a model | |
| CONTROL The CONTROL privilege includes the SELECT privilege. |
Object | To drop a model |
| Object | To change the properties of a model | |
| Object | To change the contents of a model |
- The name of the model owner is stored in the metadata tables. Therefore, the name of the model owner and the name of the owner of the model tables must be identical.
- Do not change privileges of model components, such as tables and views, manually but only through the stored procedures of the metadata management.