GRANT (SQL Form) Statement | SQL Data Control Language | VantageCloud Lake - GRANT (SQL Form) - Teradata Vantage

Teradata® VantageCloud Lake
Deployment
VantageCloud
Edition
Lake
Product
Teradata Vantage
Published
January 2023
Language
English (United States)
Last Update
2024-04-03
dita:mapPath
phg1621910019905.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
phg1621910019905

Grants one or more explicit privileges on a database, user, proxy logon user, table, join index, view, procedure, User-Defined Function (UDF), function mapping, User-Defined Method (UDM), User-Defined Type (UDT), or macro to a role, group of roles, user, or group of users or databases.

You must be one of the following to grant privileges on an object using the SQL GRANT statement:
  • User DBC.
  • An owner of the object.

    For details regarding security issues associated with owner privileges, see Security Considerations with the CREATE MACRO Privilege

  • A user possessing each privilege to be granted.

    A user can have a privilege by having been granted the privilege explicitly or by inheriting the privilege from a role as a result of creating a view, macro, or procedure.

For a list of database privileges, see Database Privileges.

ANSI Compliance

This statement is a Teradata extension to the ANSI SQL:2011 standard.

Required Privileges

To grant the following privileges, you must have the CONSTRAINT ASSIGNMENT privilege.
  • OVERRIDE DELETE CONSTRAINT
  • OVERRIDE DUMP CONSTRAINT
  • OVERRIDE INSERT CONSTRAINT
  • OVERRIDE RESTORE CONSTRAINT
  • OVERRIDE SELECT CONSTRAINT
  • OVERRIDE UPDATE CONSTRAINT
The following are details about the privileges required to run a GRANT (SQL Form) request:
  • A user need not be related to a grantor through ownership to receive a privilege.

    A grantor need not have any privilege, including WITH ADMIN OPTION, on the grantee to grant a privilege to it, whether the grantee is a role, a user, database, or PUBLIC.

  • If a GRANT statement is on a database or user, the privilege applies to all objects, both current and future, created in that space.

    If a REVOKE statement later removes the privilege, the privilege is dropped for all objects, regardless of their creation times.

    A REVOKE statement at the object level cannot remove a privilege from that object that was granted on the database or user.

  • When you specify the WITH GRANT OPTION phrase, the recipient of the privilege can then grant that privilege to other users.

    The owner of a database, user, or object implicitly has the WITH GRANT OPTION privilege on the database, user, or object.

    Items on Which Owner Can Explicitly Grant Any or All Privileges Possible Grantees
    • Child database
    • Child user
    • Database object
    • Another database
    • Another user
    • A role
    • PUBLIC

      You cannot assign row-level security privileges to PUBLIC.
  • Any privilege granted automatically or explicitly can be revoked using the REVOKE statement.

    See REVOKE (SQL Form).

  • Implicit privileges cannot be revoked.

When Privileges Are Granted

GRANT takes effect immediately when the grantee issues the next statement. The grantee need not log off and log back on to receive a newly granted privilege.