GRANT (SQL Form) Statement | SQL Data Control Language | Teradata Vantage - GRANT (SQL Form) - Advanced SQL Engine

GRANT (SQL Form) Statement | SQL Data Control Language | Teradata Vantage - GRANT (SQL Form) - Advanced SQL Engine - Teradata Database

SQL Data Control Language

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

July 2021

Language

English (United States)

Last Update

2021-07-27

dita:mapPath

sqd1591723147563.ditamap

dita:ditavalPath

sqd1591723147563.ditaval

dita:id

B035-1149

lifecycle

Product Category

Teradata® Vantage™ NewSQLEngine

Grants one or more explicit privileges on a database, user, proxy logon user, table, hash index, join index, view, procedure, User-Defined Function (UDF), function mapping, User-Defined Method (UDM), User-Defined Type (UDT), or macro to a role, group of roles, user, or group of users or databases.

For a list of database privileges, see Database Privileges.

For information about granting the NONTEMPORAL privilege, see Teradata Vantage™ - Temporal Table Support, B035-1182.

ANSI Compliance

This statement is a Teradata extension to the ANSI SQL:2011 standard.

Required Privileges

You must be one of the following to grant privileges on an object using the SQL GRANT statement:

User DBC.
An owner of the object.
For details regarding security issues associated with owner privileges, see Security Considerations With the CREATE MACRO Privilege
A user possessing each privilege to be granted.
A user can have a privilege by having been granted it explicitly or by inheriting it from a role as a result of creating a view, macro, or procedure.

To grant the following privileges, you must have the CONSTRAINT ASSIGNMENT privilege.

OVERRIDE DELETE CONSTRAINT
OVERRIDE DUMP CONSTRAINT
OVERRIDE INSERT CONSTRAINT
OVERRIDE RESTORE CONSTRAINT
OVERRIDE SELECT CONSTRAINT
OVERRIDE UPDATE CONSTRAINT

Note the following details about the privileges required to execute a GRANT (SQL Form) request.

A user need not be related to a grantor through ownership to receive a privilege.
A grantor does not need to have any privilege, including WITH ADMIN OPTION, on the grantee to grant a privilege to it, whether the grantee is a role, a user, database, or PUBLIC.
If a GRANT statement is on a database or user, the privilege applies to all objects, both current and future, created in that space.
If a REVOKE statement later removes the privilege, the privilege is dropped for all objects, regardless of when they were created.

A REVOKE statement at the object level cannot remove a privilege from that object that was granted on the database or user.

When you specify the WITH GRANT OPTION phrase, the recipient of the privilege can then grant that privilege to other users.

An owner implicitly has the WITH GRANT OPTION privilege on any database, user, or object it owns.

An owner can explicitly grant any or all privileges on any of the following	The Privilege Can Be Granted To
a child database a child user a database object	any other database any other user a role PUBLIC You cannot assign row-level security privileges to PUBLIC.

Any privilege granted automatically or explicitly can be revoked using the REVOKE statement.
See REVOKE (SQL Form).
Implicit privileges cannot be revoked.

When Privileges Are Granted

GRANT takes effect immediately when the grantee issues their next statement. You do not need to log out to receive a privilege that was just granted to you.