Roles are used to define privileges on database objects for multiple users. A user who is assigned a role can access all the objects on which the role and its nested roles have privileges. Users can only be assigned a role that has been granted to them.
You can grant a newly created role to a user or other role before the role has privileges on any database objects.
An unlimited number of roles can be granted to a role or user.
Roles cannot be granted on themselves or on PUBLIC, nor can they be granted any of the following privileges:
- CREATE PROFILE
- CREATE ROLE
- CREATE USER
- CREATE ZONE
- DROP PROFILE
- DROP ROLE
- DROP USER
- DROP ZONE
- ZONE OVERRIDE
If you use Teradata Secure Zones to create secure zones, the role that you grant and the recipients of the role (users or other roles) should be in the same zone.
Roles can only be nested one level deep. Thus, a role that has a nested role cannot also be a nested role. This is a deviation from the ANSI/ISO SQL:2011 standard, which allows multiple nesting levels.
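The following Python sketch is an added example, not Teradata code: it models the rules above (privileges that roles cannot hold, one-level nesting, and privileges reaching a user through a role and its nested roles) so that a proposed role design can be checked before it is applied. The class, function, role, user and object names are all constructed for illustration.

```python
# Model of the role rules on this page; not Teradata code.
# Role, user and object names are constructed for illustration.
ROLE_FORBIDDEN = {
    "CREATE PROFILE", "CREATE ROLE", "CREATE USER", "CREATE ZONE",
    "DROP PROFILE", "DROP ROLE", "DROP USER", "DROP ZONE", "ZONE OVERRIDE",
}

class RoleModel:
    def __init__(self):
        self.role_privs = {}   # role -> set of (privilege, object)
        self.nested = {}       # role -> roles nested directly inside it
        self.user_roles = {}   # user -> roles granted to that user

    def create_role(self, role):
        self.role_privs[role] = set()
        self.nested[role] = set()

    def grant_privilege(self, privilege, obj, role):
        if privilege.upper() in ROLE_FORBIDDEN:
            raise ValueError(f"{privilege} cannot be granted to a role")
        self.role_privs[role].add((privilege.upper(), obj))

    def grant_role_to_role(self, child, parent):
        # One level only: the parent must not itself be nested in another
        # role, and the child must not already contain nested roles.
        parent_is_nested = any(parent in kids for kids in self.nested.values())
        if child == parent or parent_is_nested or self.nested[child]:
            raise ValueError(f"granting {child} to {parent} breaks one-level nesting")
        self.nested[parent].add(child)

    def grant_role_to_user(self, role, user):
        self.user_roles.setdefault(user, set()).add(role)

    def effective_privileges(self, user, role):
        # A user can only be assigned a role that was granted to them.
        if role not in self.user_roles.get(user, set()):
            raise PermissionError(f"{role} has not been granted to {user}")
        roles = {role} | self.nested[role]
        return set().union(*(self.role_privs[r] for r in roles))

def demo():
    m = RoleModel()
    for r in ("hr_read", "hr_admin", "auditor"):
        m.create_role(r)
    m.grant_role_to_user("hr_admin", "alice")     # role has no privileges yet
    m.grant_role_to_role("hr_read", "hr_admin")   # hr_read nested in hr_admin
    m.grant_privilege("SELECT", "hr.employees", "hr_read")
    m.grant_privilege("UPDATE", "hr.employees", "hr_admin")
    return m
```

In this model, granting `hr_admin` to `auditor` or granting `auditor` to `hr_read` raises an error, because either grant would create a second nesting level.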