Granting Privileges to Roles | GRANT (SQL Form) | Teradata Vantage - Granting Privileges to Roles - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
sgu1628111251052.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
dvv1472243528022
lifecycle
latest
Product Category
Teradata Vantageā„¢

Roles define privileges on database objects. A database administrator can create different roles for different job functions and responsibilities, grant specific privileges on database objects to the roles, and then grant membership to the roles to users. Users who are members of a role can access all the objects for which the role has privileges. A role that has roles granted to it cannot be granted to a role.

Roles cannot be granted the following privileges:
  • CREATE DATABASE
  • CREATE ROLE
  • CREATE PROFILE
  • CREATE USER
  • DROP DATABASE
  • DROP ROLE
  • DROP PROFILE
  • DROP USER
  • CTCONTROL

Roles cannot be granted on a database or PUBLIC.

To grant role membership to users or other roles, use the GRANT (Role Form) statement.

For more information, see GRANT (Role Form).

The following request grants privileges to a role. In this example, the finance role is granted the privilege to SELECT data from the department table, which is in the personnel database:

GRANT SELECT
ON personnel.department
TO finance;

All users who are granted membership to the finance role also inherit the privilege to SELECT data from the department table in the personnel database when the role is activated for the user.