Cirro has built-in privileges which can be granted, revoked, or denied.

Table privileges

Table privileges are available for use by Cirro users or roles.

Statement(s) Description Securables
ALL PRIVILEGES Grants all applicable privileges on the specified securable. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1

SELECT Select data. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
INSERT Insert data. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
DELETE Delete data. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
UPDATE

REFRESH MATERIALIZED VIEW
Update existing data. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
ALTER VIEW Modifies a view. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
DROP VIEW Drops a view. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
ALTER METADATA Modify metadata. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1

Schema privileges

Schema privileges affect all Schema objects

Statement(s) Description Securables
CREATE TABLE

CREATE MATERIALIZED VIEW
Create a new table. *

System1.

System1.db1.


System1.db1.sch1.*
ALTER TABLE Modify a table.

System1.


System1.db1.

System1.db1.sch1.


System1.db1.sch1.table1
DROP TABLE

DROP MATERIALIZED VIEW
Remove a table *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
CREATE TEMP TABLE Create a temporary table. *

System1.

System1.db1.


System1.db1.sch1.*
ALTER TEMP TABLE Modify a temporary table. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
DROP TEMP TABLE

DROP TABLE
Removes a temporary table. *

System1.

System1.db1.


System1.db1.sch1.*

System1.db1.sch1.table1
CREATE VIEW Creates a view. *

System1.

System1.db1.


System1.db1.sch1.*

System privileges

System privileges affect datasource systems.

STATEMENT(S) Description Securables
PASSTHROUGH

SET PASSTHROUGH
Modify the passthrough mode setting. *

System1.*
ADD AUTHORIZATION Ability to add authorization on a system. *

System1.*
DROP AUTHORIZATION Ability to remove authorization from a system. *

System1.*
ADD SELF AUTHORIZATION This permission is included implicitly when ADD AUTHORIZATION is granted. When granted separately, ADD SELF AUTHORIZATION allows a user to authorize databases for his or her own use, but the user cannot grant authorization to other users. *

System1.*
DROP SELF AUTHORIZATION This permission is included implicitly when DROP AUTHORIZATION is granted. When granted separately, DROP SELF AUTHORIZATION allows a user to authorize dropping databases for his or her own use, but the user cannot grant drop authorization to other users. *

System1.*
HDFS READ Read from an HDFS file system *
HDFS WRITE Write to a HDFS file system *
MKDIR Create a file system directory *
MOVE Move files in a file system *
REMOVE Remove files in a file system *
RENAME Rename an existing table *
INCLUDE Exclude a previously-excluded schema for a data source. *

System1.db1.

System1.db1.sch1.
EXCLUDE Excludes a schema for a data source. *

System1.db1.

System1.db1.sch1.

Database System setup privileges

STATEMENT(S) Description Securables
CREATE SYSTEM Creation of a Cirro system. *
DROP SYSTEM Remove a Cirro system. *

System1.*
ALTER SYSTEM Modify a Cirro system. *

System1.*
CREATE REMOTE DATABASE Create a local synonym for a remote database. *
ALTER REMOTE DATABASE Modify a remote database. *
DROP REMOTE DATABASE Remove a remote database. *
CREATE REMOTE FUNCTION Adds a local mapping to a remote function. System1.db1.sch1.*
DROP REMOTE FUNCTION Removes a local mapping to a remote function. System1.db1.sch1.table1
CREATE TABLE WITHOUT DESTINATION

CREATE TABLE
Allows the user to issue CREATE TABLE commands which create work tables wherever the Cirro system deems most appropriate. This permission is always required if the user will execute CREATE TABLE, unless the user will only create working tables on specific data sources. The permission does not automatically grant authorizationto the target system for the generated table. The user should also be granted authorization on any target systems. *

System1.*

Cirro User Account privilges

STATEMENT(S) Description Securables
CREATE USER Create a Cirro user.  
ALTER USER Modify a Cirro user.  
DROP USER Drop a Cirro user.  
COPY USER Allows the CREATE USER … LIKE … syntax to be used. This new privilege is required as it allows a new user to be created “like” any other user. This means that a user with this privilege can create a new super user (root) and so this operation needs to be extra protected  
CREATE ROLE Create a Cirro role.  
DROP ROLE Drop a Cirro role  
GRANT role Grants a Cirro role membership to a Cirro user.  
REVOKE role Revoke a Cirro role membership from a Cirro user  
CANCEL QUERIES

CANCEL SESSION
Ability to cancel queries for other users. (All users have the ability to cancel their own queries.) *

Cirro Hub privileges

Cirro Hub privileges (also known as Command Centre or Cirro Server) work on the underlying Cirro system.

STATEMENT(S) Description Securables
SET DESCRIBE Ability to retrieve query metadata *
SET NUMBEROFRDBMSTRANSFERTHREADS Ability to specify RDBMS transfer threads. *
SET NUMSQOOPMAPTASKS Set number of Squoop map tasks *
SET NUMBEROFMAPPERS Set number of mappers *
SET NUMBEROFREDUCERS Set number of reducers *
SET SQUOOP OPTIONS Ability to set Squoop options. *
RESTART SERVER Ability to restart a Cirro Data Hub. *
CLEAR CACHE

CALL SYSCS_UTIL.SYSCSC_FREE_CACHE();
Clear the Cirro Data Hub cache. *
LOG ACCESS Access Cirro Data Hub logs. This supports the “Gather Logs” function in the Cirro Analyst for Excel tool. *
CREATE DRIVER Ability to create a system driver. *
ALTER DRIVER Ability to modify a system driver *
DROP DRIVER Ability to drop a system driver *
CONNECT Ability to connect to a Cirro Data Hub *
SET PAUSECLEANUP Pauses a cleanup operation. *
SET RUNMODE Ability to use the Force Runmode optimizer hint *
SET SERVER_NAME Sets a server name *
SET LOGGING_LEVEL Sets logging levels *

Migration privileges

These privileges are used for data transfer between datasources.

STATEMENT(S) Description Securables
CREATE JOB Permission to create a scheduled job *
DROP JOB Permission to drop a scheduled job *

See Also