17.00 - DENIALS - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - SQL Data Definition Language Syntax and Examples

Product
Advanced SQL Engine
Teradata Database
Release Number
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
wgr1555383704548.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
mdr1472255012272

Entries should be made only when statement execution fails because the user did not have the privilege set necessary to perform the request.

DENIALS is applied to only those actions listed in the BEGIN LOGGING request that contains it.

For example, two BEGIN LOGGING requests can specify the same object, user, and action, but different frequency and DENIALS options. This allows the user to log all denials, but only the first successful use of a privilege.

If this option is not specified, a log entry is made if the privilege check either fails or succeeds.

You cannot log DENIALS for DELETE, INSERT, SELECT, or UPDATE operations on row-level security-protected tables because the inability of users to access a row is due to row-level security enforcement by the constraint UDF rather than being the result of a normal database privilege check.

Also see the row-level security section for the operation variable later in this table.