16.20 - Using GIVE with Teradata Secure Zones - Teradata Vantage NewSQL Engine

Teradata Vantageā„¢ SQL Data Control Language

prodname
Teradata Database
Teradata Vantage NewSQL Engine
vrm_release
16.20
created_date
March 2019
category
Programming Reference
featnum
B035-1149-162K

A user with the appropriate privileges can transfer the ownership of a database from a non-zone user to a zone user, or from one zone user to another user within the same zone. However, a user cannot GIVE a zone database or a zone user to a non-zone user, or to another zone user in a different zone.

If you use Teradata Secure Zones in your Teradata Database system, and you GIVE databases owned by non-zone users to zone users, only the ownership of the given databases change. Non-zone users retain their existing privileges on the given databases and can continue to access them unless you explicitly revoke their privileges.

If you want to move non-zone objects into a zone, you can GIVE a user or database and all their descendants to the zone root. You also need to review all of the non-zone users who have rights on the database or user objects that you moved and grant them zone privileges, if you want them to maintain their access to the objects. Before you grant them zone privileges, you should make them zone guests.

To complete the move, you also need to contact your Professional Services or Customer Support representative for help in updating certain dictionary tables. The appropriate tables must be updated to move the profiles and roles used by the users and descendants that you moved and to make the access rights on the objects zone-specific.

To ensure that the system functions properly, do not modify or delete any Data Dictionary tables yourself.