17.20 - Creating and Dropping External Roles - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

You can specify EXTERNAL ROLE in the standard CREATE and DROP ROLE syntax to create or drop external roles for directory users. The user that runs a CREATE EXTERNAL ROLE or DROP EXTERNAL ROLE statement must have CREATE ROLE and DROP ROLE privileges. For example:

CREATE EXTERNAL ROLE  ext_role_name;

or

DROP EXTERNAL ROLE  ext_role_name;
If you drop a database role while including EXTERNAL in the syntax, or dropping an external role without including the EXTERNAL term, the system returns an error, for example:
DROP EXTERNAL ROLE dbrole;

Result:

Failure 5933: Role being dropped is not an external role
DROP ROLE extrole;

Result:

Failure 5934: Role being dropped is an external role

A user can occupy a maximum of 50 roles. If the maximum is exceeded, an error is reported.

The system records external roles in the data dictionary, along with database roles, but when you map an external role to a directory user, the system does not insert a row in DBC.RoleGrants.

The method for granting privileges to an external role is similar to granting privileges to a database role. See Creating Roles.