16.20 - Row-Level Privileges - Teradata Vantage NewSQL Engine

Teradata Vantageā„¢ SQL Data Control Language

Teradata Database
Teradata Vantage NewSQL Engine
March 2019
Programming Reference

Access to Teradata Database objects, for example, tables and views is primarily based on object-level user privileges. Object-level privileges provide basic access control, but are discretionary, that is, object owners automatically have the right to grant access on any owned object to any other user.

In addition to object-level privileges, you can use Teradata row-level security (RLS) to control user access for each table row, by SQL operation. RLS access rules are based on the comparison of the RLS access capabilities of each user and the RLS access requirements for each row.

Object owners do not have discretionary privileges to grant row access to other users. Only users with security constraint administrative privileges can manage row-level access controls.

Government agencies commonly create security labels (classifications) and use them to define user access capabilities and row access requirements.