Summary of TDV Rights
The rights that can be granted to a user or group include the following.
Each entry gives the TDV right, its description, and the templates where the right occurs by default.

Access Tools (ACCESS_TOOLS)
Description: Gives end-users access to TDV tools (like Studio), command-line utilities (like backup_import), and APIs that connect with TDV.
All Administrators, Developers, IT Operations, and personnel responsible for backup and restore must have this right to view and change TDV. Having this right is implicit in all discussions of access to or manipulation of TDV resources.
Additional rights are required for full export or import of a TDV instance.
Without this right, the user can only use JDBC, ODBC and Web Services to access the server and underlying native sources.
Templates where right occurs by default: Administrator, Backup&Restore, Restore, Backup, Operations, Developer

Modify All Config (MODIFY_ALL_CONFIG)
Description: Lets the user modify all TDV configurations; perform full-server backup and restore; write CAR files; create, join, or leave a TDV cluster; and use the Cluster_util command line utility.
Templates where right occurs by default: Administrator, Backup&Restore, Restore

Modify All Resources (MODIFY_ALL_RESOURCES)
Description: Gives full (Grant, Write, Select, Insert, Update, Delete, Execute) privileges on all resources, including the right to change privileges on any resource; change owner of a resource; import privileges; create copies of resources that retain original owner and privileges (also requires Modify All Users right); restore/import (also requires other rights).
This right lets the user modify all resources and privileges on resources, and change the data source owner, even if the user has not explicitly been given privileges for that resource.
Templates where right occurs by default: Administrator, Restore

Modify All Status (MODIFY_ALL_STATUS)
Description: Lets the user perform Manager and Server Overview actions (clear pool and test all data sources); view and clear query plans and caches; terminate sessions, requests, and transactions; stop and restart the server; view resource tables such as SYS_CACHES, SYS_DATASOURCE, SYS_STATISTICS, and SYS_TRIGGERS; test all data sources on the Manager panel; and synchronize domains.
Templates where right occurs by default: Administrator

Modify All Users (MODIFY_ALL_USERS)
Description: Gives the user full administrative powers: lets the user create or modify domains, groups, and users and their rights; change resource owners; import resources with associated users and privileges (also requires Modify All Resources); paste while preserving user privileges. This right can be used to grant any other rights.
Making changes on the Manager - Users pages requires this right.
Templates where right occurs by default: Administrator, Backup&Restore, Restore

Read All Config (READ_ALL_CONFIG)
Description: Lets users browse TDV configuration settings by means of Studio, Manager, or a Web services operation. This includes the configuration panels.
With the Read All Users right, gives view access to the Resource Management pages. Without the Read All Users right, manager-users can see only their own privileges and the privileges held by the groups to which they belong.
With the Modify All Resources right, lets the user add, remove, and automatically correct dependency privilege settings.
This right is appropriate for developers, although the Developer template does not include this right by default.
Templates where right occurs by default: Administrator, Backup&Restore, Restore, Backup, Operations

Read All Resources (READ_ALL_RESOURCES)
Description: Lets the user view all resources; read all resources (even without explicit Read privileges); perform full server backup; execute backup_import; use Manager panels; execute any resource procedure; browse and edit resource services.
Developers are not granted this right by default with the Developer template.
Templates where right occurs by default: Administrator, Backup&Restore, Restore, Backup

Read All Status (READ_ALL_STATUS)
Description: Lets the user view TDV current state, sessions, transactions, requests, caches, support diagnostics, query plan view, cluster status; view event, server, and storage logs (accessible from the Administration -> Studio Logs menu); use the -profile option with server_util; view resource tables such as SYS_CACHES and SYS_DATASOURCE.
The Active Resource tables are visible to users with this right, showing sessions, transactions, requests, caches, data sources, clusters, and so on, on Manager panels.
This right is useful for developer, operations, and monitoring roles.
Templates where right occurs by default: Administrator, Backup&Restore, Backup, Operations, Developer

Read All Users (READ_ALL_USERS)
Description: Lets the user browse all lists of domains, groups, and users using User Services or Manager; perform full server backup (along with Read All Resources and Read All Config); back up and restore the system (along with Read All Resources); reset the system namespace. It does not grant the ability to see any domain or user passwords.
Viewing the Manager - Users pages requires this right.
Developers are not granted this right by default with the Developer template.
Templates where right occurs by default: Administrator, Backup, Restore, Backup&Restore

Unlock Resources (UNLOCK_RESOURCE)
Description: This right exists for releasing locks set by another user. The use case is a designer who sets locks on resources but, for some reason, is not available to release them when another developer must change those resources. Only the lock owner or an administrator with the UNLOCK_RESOURCE right should be able to release the lock.
Templates where right occurs by default: Administrator
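
The default assignments above can be inverted into a per-template baseline and used to review accounts for rights beyond their template. The following is an added example, not TDV code: the account record format, the account names, and the function names are assumptions, and the sample accounts are constructed.

```python
# Right -> templates that include it by default, transcribed from the table above.
DEFAULT_TEMPLATES = {
    "ACCESS_TOOLS": "Administrator, Backup&Restore, Restore, Backup, Operations, Developer",
    "MODIFY_ALL_CONFIG": "Administrator, Backup&Restore, Restore",
    "MODIFY_ALL_RESOURCES": "Administrator, Restore",
    "MODIFY_ALL_STATUS": "Administrator",
    "MODIFY_ALL_USERS": "Administrator, Backup&Restore, Restore",
    "READ_ALL_CONFIG": "Administrator, Backup&Restore, Restore, Backup, Operations",
    "READ_ALL_RESOURCES": "Administrator, Backup&Restore, Restore, Backup",
    "READ_ALL_STATUS": "Administrator, Backup&Restore, Backup, Operations, Developer",
    "READ_ALL_USERS": "Administrator, Backup, Restore, Backup&Restore",
    "UNLOCK_RESOURCE": "Administrator",
}
# The table states that MODIFY_ALL_USERS can be used to grant any other right.
CAN_GRANT_ANY = "MODIFY_ALL_USERS"

def rights_by_template(table=DEFAULT_TEMPLATES):
    """Invert right -> templates into template -> set of default rights."""
    out = {}
    for right, templates in table.items():
        for name in templates.split(","):
            out.setdefault(name.strip(), set()).add(right)
    return out

def audit(accounts):
    """Report accounts whose held rights differ from their template's defaults."""
    baseline = rights_by_template()
    findings = []
    for name, (template, rights) in sorted(accounts.items()):
        if template not in baseline:
            raise ValueError(f"unknown template {template!r} for {name}")
        held = set(rights)
        extra = sorted(held - baseline[template])
        missing = sorted(baseline[template] - held)
        if extra or missing:
            findings.append({"account": name, "template": template,
                             "extra": extra, "missing": missing,
                             "can_grant_any_right": CAN_GRANT_ANY in extra})
    return findings

# Constructed sample input: account -> (template, rights currently held).
SAMPLE_ACCOUNTS = {
    "dev_alice": ("Developer", ["ACCESS_TOOLS", "READ_ALL_STATUS"]),
    "dev_bob": ("Developer", ["ACCESS_TOOLS", "READ_ALL_STATUS", "READ_ALL_CONFIG"]),
    "ops_carol": ("Operations", ["ACCESS_TOOLS", "READ_ALL_CONFIG",
                                 "READ_ALL_STATUS", "MODIFY_ALL_USERS"]),
    "bkp_svc": ("Backup", ["ACCESS_TOOLS", "READ_ALL_CONFIG",
                           "READ_ALL_RESOURCES", "READ_ALL_USERS"]),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCOUNTS):
        print(finding)
```

An account flagged with can_grant_any_right holds Modify All Users outside its template and should be reviewed first, since that right can be used to grant every other right.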