16.10 - Limitations on Using Roles - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

You cannot grant certain privileges to a role:

  • CREATE ROLE
  • DROP ROLE
  • CREATE PROFILE
  • DROP PROFILE
  • CREATE USER
  • DROP USER
  • CTCONTROL
  • OVERRIDE privileges
  • WITH GRANT OPTION (membership in a role cannot confer the ability to grant any of the privileges it contains to other users or roles)
Instead of WITH GRANT OPTION, you should use WITH ADMIN OPTION for roles. A user granted WITH ADMIN OPTION on a role can:
  • Drop the role
  • Grant the role to other users and roles
  • Grant the role to another user with the WITH ADMIN OPTION
  • Revoke the role from a grantee

WITH ADMIN OPTION does not provide the ability to grant or revoke privileges to or from the role or to any members of the role.