The Teradata Row Level Security feature provides privileges that administrators can use to establish and maintain row-level security for the system. These privileges are system-level privileges or object-level privileges.
Initially, only user DBC has row-level security privileges. Any other user must be explicitly granted row-level security privileges to be able to perform the following tasks:
- Create row-level security constraints.
- Assign row-level security constraint values (security credentials) to users and profiles.
- Define row-level security constraints on tables.
- Override (bypass) validation of the row-level security policies contained in the constraint functions applicable to target tables.
The basic types of row-level security privileges are:
- System-level privileges
- Object-level privileges (see Object-Level Privileges for Row-Level Security).
Row-level security credentials are not privileges, but work like required privileges do in other types of access control. When you assign security credentials to users or profiles, you are determining whether the users can access table rows protected by row-level security. (The security credential assigned to the users must match the security constraint values assigned to the row or rows the users are trying to access.) The exact type or types of access you permit is determined by the row-level security policy defined in the constraint function.