> I guess we need to allow creating such internal temporary tables,
> despite the missing permission. That'll need some careful analysis to
> make sure we don't accidentally allow creating other temporary tables...
Wouldn't it be sufficient to document that fact, perhaps add an error hint and require the MV owner to have TEMP on the
database?
That's not an outrageous requirement, and it couldn't open any security back doors.
Agree. We already have to create a new user (well, that’s what I do) for MV's anyway for the REFRESH by owner only, it
wouldnot be a burden to adjust that ROLE's settings at time of creation. The doco is completely clear about MV owner,
wecan just add to that note to make sure CREATE permission too.