16.20 - Granting Privileges on UDFs - Teradata Vantage NewSQL Engine

Teradata Vantage™ SQL Data Control Language

prodname
Teradata Database
Teradata Vantage NewSQL Engine
vrm_release
16.20
created_date
March 2019
category
Programming Reference
featnum
B035-1149-162K

The rules for granting privileges on UDFs are identical to those for macros except for the CREATE FUNCTION and EXECUTE FUNCTION privileges, as documented in the following table, which explains which UDF-related privileges are granted explicitly or not:

Privilege Usage Notes
ALTER FUNCTION
  • Not granted automatically to the creator when it creates a database or user.
  • Not granted automatically to a database or user when it creates a database or user.
  • Held implicitly only by user DBC.
  • Cannot be granted on a UDF.
CREATE FUNCTION
  • Not granted automatically to the creator when it creates a database or user.
  • Held implicitly only by user DBC.
DROP FUNCTION
  • Granted automatically WITH GRANT OPTION to the creator of a user, database, function, or function mapping.
  • Granted automatically without grant option to a created database or user on itself.
  • Held implicitly on a database or user for an owner of that database or user.
EXECUTE FUNCTION
  • Granted automatically WITH GRANT OPTION to the creator of a function or function mapping.
  • Not granted automatically to the creator when it creates database or user.
  • Held implicitly only by user DBC.

All newly created external UDFs are performed in protected mode by default. This is also true for all newly created methods and external procedures. UDFs do not run in modes.

The ALTER FUNCTION privilege should be restricted to DBAs exclusively. Its intent is to permit a user to perform the ALTER FUNCTION statement, which can be used to change the execution mode of a UDF. Changing the execution mode for a UDF from PROTECTED to NOT PROTECTED, for example, is not an act that should be performed without exercising extreme caution.

For more information see “ALTER FUNCTION,” “ALTER METHOD,” and ALTER PROCEDURE” in Teradata Vantage™ SQL Data Definition Language Syntax and Examples, B035-1144.