Granting Privileges on UDFs - Teradata Vantage

Teradata® VantageCloud Lake

Deployment

VantageCloud

Edition

Lake

Product

Teradata Vantage

Published

January 2023

Language

English (United States)

Last Update

2024-04-03

dita:mapPath

phg1621910019905.ditamap

dita:ditavalPath

pny1626732985837.ditaval

dita:id

phg1621910019905

The rules for granting privileges on UDFs are identical to those for macros except for the CREATE FUNCTION and EXECUTE FUNCTION privileges, as documented in the following table, which explains which UDF-related privileges are granted explicitly or not:

Privilege	Usage Notes
ALTER FUNCTION	Not granted automatically to the creator of a database or user. Not granted automatically to a database or user when that database or user creates a database or user. Held implicitly only by user DBC. Cannot be granted on a UDF.
CREATE FUNCTION	Not granted automatically to the creator of a database or user. Held implicitly only by user DBC.
DROP FUNCTION	Granted automatically WITH GRANT OPTION to the creator of a user, database, function, or function mapping. Granted automatically without grant option to a created database or user on itself. Held implicitly on a database or user for an owner of that database or user.
EXECUTE FUNCTION	Granted automatically WITH GRANT OPTION to the creator of a function or function mapping. Not granted automatically to the creator of a database or user. Held implicitly only by user DBC.

All newly created external UDFs are performed in protected mode by default. This is also true for all newly created methods and external procedures. UDFs do not run in modes.

The ALTER FUNCTION privilege must be restricted to DBAs exclusively. Its intent is to permit a user to perform the ALTER FUNCTION statement, which can be used to change the execution mode of a UDF. Changing the execution mode for a UDF from PROTECTED to NOT PROTECTED, for example, is not an act that must be performed without exercising extreme caution.