Creating and Dropping External Roles - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

You can specify EXTERNAL ROLE in the standard CREATE/DROP ROLE syntax to create external roles for directory users. The user that executes a CREATE/DROP EXTERNAL ROLE statement must have CREATE ROLE and DROP ROLE privileges. For example:

CREATE EXTERNAL ROLE  ext_role_name;

or

DROP EXTERNAL ROLE  ext_role_name;
If you drop a database role while including EXTERNAL in the syntax, or dropping an external role without including the EXTERNAL term, the system returns an error, for example:
DROP EXTERNAL ROLE dbrole;
Failure 5933: Role being dropped is not an external role

DROP ROLE extrole;
Failure 5934: Role being dropped is an external role

The system records external roles in the data dictionary, along with database roles, but when you map an external role to a directory user, the system does not insert a row in DBC.RoleGrants.

The method for granting privileges to an external role is similar to granting privileges to a database role. See Creating Roles.

A user can occupy a maximum of 50 roles. If the maximum is exceeded, an error is reported.