Limitations on Using Roles - Teradata Vantage

Teradata® VantageCloud Lake
Deployment
VantageCloud
Edition
Lake
Product
Teradata Vantage
Published
January 2023
ft:locale
en-US
ft:lastEdition
2024-12-11
dita:mapPath
phg1621910019905.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
phg1621910019905

You cannot grant certain privileges to a role:

  • CREATE ROLE
  • DROP ROLE
  • CREATE PROFILE
  • DROP PROFILE
  • CREATE USER
  • DROP USER
  • CTCONTROL
  • OVERRIDE privileges
  • WITH GRANT OPTION (membership in a role cannot confer the ability to grant any of privileges of the role to other users or roles)
Instead of WITH GRANT OPTION, use WITH ADMIN OPTION for roles. A user granted WITH ADMIN OPTION on a role can do the following:
  • Drop the role
  • Grant the role to other users and roles
  • Grant the role to another user with the WITH ADMIN OPTION
  • Revoke the role from a grantee

WITH ADMIN OPTION does not provide the ability to grant or revoke privileges to or from the role or to any members of the role.