Row-Level Privileges | SQL Data Control Language | Teradata Vantage - Row-Level Privileges - Advanced SQL Engine - Teradata Database

SQL Data Control Language

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2021-07-27
dita:mapPath
sqd1591723147563.ditamap
dita:ditavalPath
sqd1591723147563.ditaval
dita:id
B035-1149
lifecycle
previous
Product Category
Teradata® Vantage™ NewSQLEngine

Access to database objects, for example, tables and views is primarily based on object-level user privileges. Object-level privileges provide basic access control, but are discretionary, that is, object owners automatically have the right to grant access on any owned object to any other user.

In addition to object-level privileges, you can use Teradata row-level security (RLS) to control user access for each table row, by SQL operation. RLS access rules are based on the comparison of the RLS access capabilities of each user and the RLS access requirements for each row.

Object owners do not have discretionary privileges to grant row access to other users. Only users with security constraint administrative privileges can manage row-level access controls.

Government agencies commonly create security labels (classifications) and use them to define user access capabilities and row access requirements.