16.20 - Explicit Privileges - Teradata Vantage NewSQL Engine

Teradata Vantageā„¢ SQL Data Control Language

Teradata Database
Teradata Vantage NewSQL Engine
March 2019
Programming Reference
Privilege Description
Automatic When a user creates a database object, Teradata Database automatically grants privileges to:
  • The creator of the object
  • A newly created user or database
GRANT You can GRANT privileges:
  • Directly to a user or database
  • To a role, then GRANT membership in the role to one or more users
  • To an external role, then map the role to one or more groups of directory users
Inherited Privileges that a user acquires indirectly:
  • All users automatically have the privileges of PUBLIC, a role-like collection of default privileges. You can also grant or revoke privileges for PUBLIC.
  • A user inherits all the privileges granted to any roles of which the user is a member.
  • Directory users inherit the privileges of the database users and external roles to which they are mapped.
Assigned Security constraints define user access to table rows protected by a corresponding security constraint column.
You can assign the security constraints in a CONSTRAINT object to a:
  • User, by specifying the CONSTRAINT object in a:
    • CREATE USER or MODIFY USER statement
    • CREATE PROFILE or MODIFY PROFILE statement, and then assigning the profile to the user
    Constraint OVERRIDE privileges, which allow a user to bypass row level security protection, are granted using the GRANT OVERRIDE CONSTRAINT statement.
  • Table, by defining a constraint column that is named for the CONSTRAINT object in a CREATE TABLE or ALTER TABLE statement.