Database Privilege Types - Advanced SQL Engine

Database Privilege Types - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

July 2021

Language

English (United States)

Last Update

2022-02-15

dita:mapPath

ppz1593203596223.ditamap

dita:ditavalPath

wrg1590696035526.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

All database privileges are either explicit or implicit.

Privilege	Description
Implicit Privileges
Ownership	Teradata Vantage™ grants implicit privileges on a database object to the owner of the space that contains the object. See Ownership Privileges.
Explicit Privileges
Automatic	When a user creates a database object, SQL Engine automatically grants privileges to: The creator of the object A newly created user or database See Automatic Privileges.
GRANT	You can GRANT privileges: Directly to a user or database To a role, then GRANT membership in the role to one or more users To an external role, then map the role to one or more groups of directory users See Working with User Privileges in Teradata Vantage.
Inherited	Privileges that a user acquires indirectly: All users automatically have the privileges of PUBLIC, a role-like collection of default privileges. You can also grant or revoke privileges for PUBLIC. See System-Generated Users. A user inherits all the privileges granted to any roles of which the user is a member. See Using Roles to Manage Privileges. Directory users inherit the privileges of the database users and external roles to which they are mapped. See Using Roles for Directory Users.
Assigned	Security constraints define user access to table rows protected by a corresponding security constraint column. You can assign the security constraints in a CONSTRAINT object to a: User, by specifying the CONSTRAINT object in a: CREATE USER or MODIFY USER statement CREATE PROFILE or MODIFY PROFILE statement, and then assigning the profile to the user See Assigning Security Constraints. Constraint OVERRIDE privileges, which allow a user to bypass row level security protection, are granted using the GRANT OVERRIDE CONSTRAINT statement. See Granting SQL DML OVERRIDE Privileges. Table, by defining a constraint column that is named for the CONSTRAINT object in a CREATE TABLE or ALTER TABLE statement. See Working with Security Constraint Columns.