17.10 - Granting Privileges to User DBADMIN - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The following procedure grants privileges typically required by the database administrator user to carry out the duties listed in About Database Administrator Responsibilities.

You can adjust the database administrator privileges shown below to conform to your site security policy.
  1. Log on as user DBC.
  2. Grant object-level database privileges to the database administrator on all objects subsequently created in DBADMIN space.
    GRANT EXECUTE, SELECT, INSERT, UPDATE, DELETE, STATISTICS, DUMP, RESTORE, CHECKPOINT, SHOW, EXECUTE PROCEDURE, ALTER PROCEDURE, EXECUTE FUNCTION, ALTER FUNCTION, ALTER EXTERNAL PROCEDURE, CREATE OWNER PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE  MACRO, CREATE DATABASE, CREATE TRIGGER, CREATE PROCEDURE, CREATE FUNCTION, CREATE EXTERNAL PROCEDURE, CREATE AUTHORIZATION, DROP TABLE, DROP VIEW, DROP MACRO, DROP DATABASE, DROP TRIGGER, DROP PROCEDURE, DROP FUNCTION, DROP AUTHORIZATION ON DBADMIN TO DBADMIN WITH GRANT OPTION;
  3. Grant the privilege to MODIFY users and profiles, which is required to administer such attributes as account, default database, profile (in a user definition), and space allocation. The DROP privilege is required to use the MODIFY command.
    GRANT DROP USER ON DBADMIN TO DBADMIN WITH GRANT OPTION;
    GRANT DROP PROFILE TO DBADMIN WITH GRANT OPTION;
  4. Grant object-level privileges on DBC tables and views to DBADMIN.
    GRANT EXECUTE, SELECT, STATISTICS, SHOW ON DBC TO DBADMIN WITH GRANT OPTION;
  5. Grant additional system-level privileges that not included in other grants.
    GRANT MONRESOURCE, MONSESSION, ABORTSESSION, SETSESSRATE, SETRESRATE TO DBADMIN WITH GRANT OPTION;
  6. Grant privileges on Sys_Calendar, which contains data for date-related system functions.
    GRANT SELECT, INSERT, UPDATE, DELETE ON Sys_Calendar TO DBADMIN WITH GRANT OPTION;
  7. Log off as user DBC.
  8. Immediately log on to the database as DBADMIN, using the temporary password specified in Creating User DBADMIN.
  9. When prompted, create a private password for user DBADMIN.

Related Information

Information on... Is available in...
System tables and views Teradata Vantage™ - Data Dictionary, B035-1092.
Syntax and options for the GRANT statement Teradata Vantage™ - SQL Data Control Language, B035-1149.
Secure zones Implementing Teradata Secure Zones.