Granting Privileges to Roles | GRANT (SQL Form) | VantageCloud Lake - Granting Privileges to Roles - Teradata Vantage

Teradata® VantageCloud Lake
Deployment
VantageCloud
Edition
Lake
Product
Teradata Vantage
Published
January 2023
ft:locale
en-US
ft:lastEdition
2024-12-11
dita:mapPath
phg1621910019905.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
phg1621910019905

Roles define privileges on database objects. A database administrator can create different roles for different job functions and responsibilities, grant specific privileges on database objects to the roles, and then grant membership to the roles to users. Users who are members of a role can access all the objects for which the role has privileges. A role that has roles granted to it cannot be granted to a role.

Roles cannot be granted the following privileges:
  • CREATE DATABASE
  • CREATE ROLE
  • CREATE PROFILE
  • CREATE USER
  • DROP DATABASE
  • DROP ROLE
  • DROP PROFILE
  • DROP USER
  • CTCONTROL

Roles cannot be granted on a database or PUBLIC.

To grant role membership to users or other roles, use the GRANT (Role Form) statement.

For more information, see GRANT (Role Form).

The following request grants privileges to a role. In this example, the finance role is granted the privilege to SELECT data from the department table, which is in the personnel database:

GRANT SELECT
ON personnel.department
TO finance;

All users who are granted membership to the finance role also inherit the privilege to SELECT data from the department table in the personnel database when the role is activated for the user.