Roles to Manage Privileges | Teradata Vantage - 17.10 - Using Roles to Manage Privileges - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
zuy1472246340572

Role privileges add to any privileges you grant directly to users.

Security constraint privileges and overrides are assigned rather than granted. See Assigning Security Constraints in a CREATE PROFILE Statement.
Granting privileges to roles and then granting role membership to users offers these advantages:
  • Standardizes privileges for users with a similar job description
  • Reduces the time required to assign the privileges, compared with granting privileges to individual users
  • Reduces the time the system takes to check user privileges at logon
You can grant one or more roles to one or more users or roles, therefore:
  • A role can have many members.
  • A user or role can be a member of more than one role.
    The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role

When you grant a privilege to an existing role, it immediately affects any role member for which the role is currently active in a session.