Creating Roles - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

Use the CREATE ROLE statement to create roles. When you create a role, you automatically receive creator privileges, including the DROP ROLE and WITH ADMIN OPTION privileges. Implicit ownership privileges do not apply.

Creator privileges do not give you the privilege to assign a default role to a user. These parameters are specified in the DEFAULT ROLE clause of CREATE/MODIFY USER, for which you need the CREATE USER or DROP USER privilege, respectively.

Example: Create a Role and Grant it SELECT Privilege

Create a role for general users, grant it SELECT privileges on the entire Accounting database, and grant role membership to the general users Alana, Rajiv, Carlos, and Ellen:

CREATE ROLE AcctUserRole;
GRANT SELECT ON Accounting TO AcctUserRole;
GRANT AcctUserRole TO Alana, Rajiv, Carlos, Ellen;

Example: Create a Role and Grant Membership to a User

Create a role for updating the accounts payable table, grant it data change privileges on the Accounting.AccPay view (an updatable view), and then grant role membership to a single high-level accounting user, Claudia:

CREATE ROLE AcctUpdateRole;
GRANT SELECT, UPDATE, INSERT, DELETE ON Accounting.AccPay TO AcctUpdateRole;
GRANT AcctEndUserRole, AcctUpdateRole TO Claudia WITH ADMIN OPTION;
WITH ADMIN OPTION allows Claudia to grant, revoke, or drop either of the specified roles.

Example: Grant CREATE ROLE to Administrators

Grant CREATE ROLE privileges to administrators to perform role administration tasks:

GRANT CREATE ROLE TO Admin2, Admin3;

Assistant administrators Admin2 and Admin3 can now submit the following commands:

CREATE ROLE Role3;
GRANT Role1, Role3 TO Francisco;
REVOKE Role1 FROM Dani;
DROP ROLE Role2;

Related Information

Information on... Is available in...
using external roles for directory users Using Roles for Directory Users.
CREATE ROLE syntax and options Teradata Vantage™ - SQL Data Definition Language Syntax and Examples, B035-1144.
usage notes for CREATE ROLE Teradata Vantage™ - SQL Data Definition Language Detailed Topics, B035-1184.