Roles to Manage Privileges | Teradata Vantage - 17.10 - Using Roles to Manage Privileges - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Role privileges add to any privileges you grant directly to users.

Security constraint privileges and overrides are assigned rather than granted. See Assigning Security Constraints in a CREATE PROFILE Statement.
Granting privileges to roles and then granting role membership to users offers these advantages:
  • Standardizes privileges for users with a similar job description
  • Reduces the time required to assign the privileges, compared with granting privileges to individual users
  • Reduces the time the system takes to check user privileges at logon
You can grant one or more roles to one or more users or roles, therefore:
  • A role can have many members.
  • A user or role can be a member of more than one role.
    The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role

When you grant a privilege to an existing role, it immediately affects any role member for which the role is currently active in a session.