16.10 - Using Roles to Manage Privileges - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

Role privileges add to any privileges you grant directly to users.

Security constraint privileges and overrides are assigned rather than granted. See Assigning Security Constraints in a CREATE PROFILE Statement.

Granting privileges to roles and then granting role membership to users offers these advantages:

  • Standardizes privileges for users with a similar job description
  • Reduces the time required to assign the privileges, compared with granting privileges to individual users
  • Reduces the time the system takes to check user privileges at logon

You can grant one or more roles to one or more users or roles, therefore:

  • A role can have many members.
  • A user or role can be a member of more than one role.
    The database allows only a single level of role nesting, that is, a role that has a member role cannot also be a member of another role. Members of the grantee role (the top level role) also have all the privileges in the nested role

When you grant a privilege to an existing role, it immediately affects any role member for which the role is currently active in a session.