17.10 - Database Privilege Types - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update

All database privileges are either explicit or implicit.

Privilege Description
Implicit Privileges
Ownership Teradata Vantage™ grants implicit privileges on a database object to the owner of the space that contains the object.

See Ownership Privileges.

Explicit Privileges
Automatic When a user creates a database object, SQL Engine automatically grants privileges to:
  • The creator of the object
  • A newly created user or database

See Automatic Privileges.

GRANT You can GRANT privileges:
  • Directly to a user or database
  • To a role, then GRANT membership in the role to one or more users
  • To an external role, then map the role to one or more groups of directory users

See Working with User Privileges in Teradata Vantage.

Inherited Privileges that a user acquires indirectly:
  • All users automatically have the privileges of PUBLIC, a role-like collection of default privileges. You can also grant or revoke privileges for PUBLIC.

    See System-Generated Users.

  • A user inherits all the privileges granted to any roles of which the user is a member.

    See Using Roles to Manage Privileges.

  • Directory users inherit the privileges of the database users and external roles to which they are mapped.

    See Using Roles for Directory Users.

Assigned Security constraints define user access to table rows protected by a corresponding security constraint column.
You can assign the security constraints in a CONSTRAINT object to a:
  • User, by specifying the CONSTRAINT object in a:
    • CREATE USER or MODIFY USER statement
    • CREATE PROFILE or MODIFY PROFILE statement, and then assigning the profile to the user
    See Assigning Security Constraints.
    Constraint OVERRIDE privileges, which allow a user to bypass row level security protection, are granted using the GRANT OVERRIDE CONSTRAINT statement.

    See Granting SQL DML OVERRIDE Privileges.

  • Table, by defining a constraint column that is named for the CONSTRAINT object in a CREATE TABLE or ALTER TABLE statement.

    See Working with Security Constraint Columns.