Database administration is out of scope of the SQL Standard and there are no predefined roles is the Standard. In the Standard, every schema has an owner and this owner may perform DDL commands within this schema. Anything else is database-specific.
In H2, the most of DDL commands require schema owner privileges. Schema owner can be specified with standard command: https://h2database.com/html/commands.html#create_schema And it can be read from standard INFORMATION_SCHEMA.SCHEMATA.SCHEMA_OWNER. Few commands in H2 need access to JVM, they require non-standard ADMIN privileges due to security reasons. Users with these privileges can be created with non-standard CREATE USER command with ADMIN clause: https://h2database.com/html/commands.html#create_user You can check whether some user is ADMIN or not in non-standard INFORMATION_SCHEMA.USERS.IS_ADMIN column. When database is created, user gets ADMIN privileges automatically. If they aren't required for normal operations, it is recommended to create and use a user with lower privileges. H2 also has special non-standard ALTER ANY SCHEMA privileges, they give access to commands with required schema owner privileges in any schema. They can be granted or revoked with non-standard commands: https://h2database.com/html/commands.html#grant_alter_any_schema https://h2database.com/html/commands.html#revoke_alter_any_schema You can check non-standard INFORMATION_SCHEMA.RIGHTS for presence of these privileges. If 'RIGHTS' = 'ALTER ANY SCHEMA', GRANTEE has them. These privileges don't provide access to JVM, unlike ADMIN privileges. -- You received this message because you are subscribed to the Google Groups "H2 Database" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/h2-database/0e7d8b3d-0c2b-42a3-ab97-a8affc059b35n%40googlegroups.com.
