Usage Notes for Roles | SQL Data Control Language | Teradata Vantage - Usage Notes for Roles - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
sgu1628111251052.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
dvv1472243528022
lifecycle
latest
Product Category
Teradata Vantageā„¢

Roles are used to define privileges on database objects for multiple users. A user who is assigned a role can access all the objects on which the role and its nested roles have privileges. Users can only be assigned a role that has been granted to them.

You can grant a newly created role to a user or other role before the role has privileges on any database objects.

An unlimited number of roles can be granted to a role or user.

Roles cannot be granted on themselves or on PUBLIC, nor can they be granted any of the following privileges:
  • CREATE PROFILE
  • CREATE ROLE
  • CREATE USER
  • CREATE ZONE
  • CTCONTROL
  • DROP PROFILE
  • DROP ROLE
  • DROP USER
  • DROP ZONE
  • ZONE OVERRIDE

If you use Teradata Secure Zones to create secure zones, the role that you grant and the recipients of the role (users or other roles) should be in the same zone.

Roles can only be nested one level deep. Thus, a role that has a nested role cannot also be a nested role. This is a deviation from the ANSI/ISO SQL:2011 standard, which allows multiple nesting levels.