16.10 - Using Roles to Manage Privileges - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

Role privileges add to any privileges you grant directly to users.

Security constraint privileges and overrides are assigned rather than granted. See Assigning Security Constraints in a CREATE PROFILE Statement.

Granting privileges to roles and then granting role membership to users offers these advantages:

  • Standardizes privileges for users with a similar job description
  • Reduces the time required to assign the privileges, compared with granting privileges to individual users
  • Reduces the time the system takes to check user privileges at logon

You can grant one or more roles to one or more users or roles, therefore:

  • A role can have many members.
  • A user or role can be a member of more than one role.
    The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role

When you grant a privilege to an existing role, it immediately affects any role member for which the role is currently active in a session.