Ownership Privileges - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-05-03
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
Product Category
Teradata Vantage

The system implicitly grants ownership of any object to the owner of the space that contains the object. The owning user is the parent and any users contained in the owner space are child users. In turn, a child becomes the parent of any new users it creates. All owners and parents within the ownership hierarchy implicitly possess certain privileges on all lower-level objects contained in the space they own.

Implicit privileges for an owner/parent are similar to the privileges a creator automatically receives on a created object, as listed in Privilege Dictionary, except that the system does not insert rows for implicit privileges in the DBC.AccessRights table as it does for a creator.

Ownership privileges normally include the discretionary privilege to grant full access on any owned object to other users, unless the object is protected by row level security, in which case user access to the object is limited by security constraint assignments. Owners do not have the privilege to administer security constraints unless they are granted the CONSTRAINT DEFINITION and CONSTRAINT ASSIGNMENT privileges. See Implementing Row Level Security.

Ownership is subject to these additional rules:
  • You cannot revoke ownership privileges.
  • Privileges implicitly available to an owner are not all inclusive, but an owner/parent may grant itself additional privileges on any objects that its child users own.
  • A user does not own itself, and therefore does not have implicit privileges on itself. Created users do receive some automatic privileges. See Automatic Privileges.
  • Although the DBC.AccessRights table does not list ownership privileges, these privileges are subject to access logging, if it is enabled. For information on access logging, see Monitoring Database Access.

Site security policy must take into account the ownership hierarchy and resulting implicit privileges in setting guidelines for creating databases and users.

For further information on creating databases, see Teradata Vantage™ - Database Administration, B035-1093.