CREATE PRIVILEGE GROUP
Syntax
CREATE PRIVILEGE GROUP pg-name [ ADD ( authid [, authid ] ... ) ];
Description
The CREATE PRIVILEGE GROUP statement creates an explicit privilege group and optionally adds one or more users as group members.
Parameters
pg-name
- is the name of the privilege group, a SQL identifier. It cannot be in the same format as a valid Guardian group name.
authid
- specifies an authorization ID which must be a valid existing Guardian username, enclosed in double quotes or an External Username that is already associated with one of the Guardian users. If authid is a Guardian username, then it is not case-sensitive.
Considerations
-
The metadata for the system catalog must be 3500 or higher.
-
Without the optional ADD clause, the CREATE PRIVILEGE GROUP creates a privilege group with no members and is owned by the creating user.
-
While creating the privilege group, you cannot specify the same username twice.
Authorization Requirements
If the user creating the privilege group is a member of the Security Administrator’s group, then the ADD clause cannot include any member of the Security Administrator’s group.
Example Command
-
To create a privilege group:
CREATE PRIVILEGE GROUP temp_users;
-
To create a privilege group and add one user with External Username:
CREATE PRIVILEGE GROUP "Database Admins" ADD ( "customer@hpe.com" );