16.20 - Granting Privileges to Roles - Teradata Vantage NewSQL Engine

Teradata Vantageā„¢ SQL Data Control Language

prodname
Teradata Database
Teradata Vantage NewSQL Engine
vrm_release
16.20
created_date
March 2019
category
Programming Reference
featnum
B035-1149-162K

Roles define privileges on database objects. A database administrator can create different roles for different job functions and responsibilities, grant specific privileges on database objects to the roles, and then grant membership to the roles to users. Users who are members of a role can access all the objects for which the role has privileges. A role that has roles granted to it cannot be granted to a role.

Roles cannot be granted the following privileges:
  • CREATE DATABASE
  • CREATE ROLE
  • CREATE PROFILE
  • CREATE USER
  • DROP DATABASE
  • DROP ROLE
  • DROP PROFILE
  • DROP USER
  • CTCONTROL

Roles cannot be granted on a database or PUBLIC.

To grant role membership to users or other roles, use the GRANT (Role Form) statement.

For more information, see GRANT (Role Form).

The following request grants privileges to a role. In this example, the finance role is granted the privilege to SELECT data from the department table, which is in the personnel database:

GRANT SELECT
ON personnel.department
TO finance;

All users who are granted membership to the finance role also inherit the privilege to SELECT data from the department table in the personnel database when the role is activated for the user.