17.20 - Limitations on Using Roles - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

You cannot grant certain privileges to a role:

  • CREATE ROLE
  • DROP ROLE
  • CREATE PROFILE
  • DROP PROFILE
  • CREATE USER
  • DROP USER
  • CTCONTROL
  • OVERRIDE privileges
  • WITH GRANT OPTION (membership in a role cannot confer the ability to grant any of the privileges it contains to other users or roles)
Instead of WITH GRANT OPTION, you should use WITH ADMIN OPTION for roles. A user granted WITH ADMIN OPTION on a role can:
  • Drop the role
  • Grant the role to other users and roles
  • Grant the role to another user with the WITH ADMIN OPTION
  • Revoke the role from a grantee

WITH ADMIN OPTION does not provide the ability to grant or revoke privileges to or from the role or to any members of the role.