EXECUTE FUNCTION Privilege - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
sgu1628111251052.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
dvv1472243528022
lifecycle
latest
Product Category
Teradata Vantageā„¢

You must specify EXECUTE FUNCTION to grant that privilege on functions or function mappings in a database, except for constraint functions.

The EXECUTE FUNCTION privilege does not need to be granted on constraint functions to users that need to query tables that are protected by row-level security.

Example: Granting the EXECUTE FUNCTION Privilege

This example of the GRANT statement grants the EXECUTE privilege on all functions in SYSLIB:

GRANT EXECUTE FUNCTION ON SYSLIB TO user_xyz;

You need only specify EXECUTE to grant the EXECUTE FUNCTION privilege on an individual UDF. For example, the following GRANT statement grants the EXECUTE privilege only on the function with the specific function name sales to user_xyz:

GRANT EXECUTE ON SPECIFIC FUNCTION SYSLIB.sales TO user_xyz;

Example: Granting the EXECUTE FUNCTION Privilege for a Function Mapping

The specified function mapping must exist before you can grant the EXECUTE FUNCTION privilege. This statement grants the EXECUTE FUNCTION privilege on the Interpolator function mapping in the appl_view_db database to user1.

GRANT EXECUTE FUNCTION ON appl_view_db.Interpolator TO user1;

Example: EXECUTE FUNCTION and Authorization Objects

In one particular case, granting EXECUTE FUNCTION is not sufficient to actually use the function. For example, the script table operator is enabled if a user has the EXECUTE FUNCTION granted to it but it needs an Authorization object bound to it in order to execute the scripts.

For example:

GRANT EXECUTE FUNCTION ON TD_SYSFNLIB.SCRIPT TO  user_name;
GRANT EXECUTE ON  authorization_name  TO  user_name;
GRANT EXECUTE FUNCTION ON TD_SYSFNLIB.SCRIPT TO  role_name;
GRANT EXECUTE ON  authorization_name  TO  role_name;

SYSUIF.DEFAULT_AUTH is provided as an authorization object target for the EXECUTE privilege.