16.10 - About OVERRIDE Privileges - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

When a CONSTRAINT object defines no UDF for an SQL DML operation, only users with the OVERRIDE or OVERRIDE operation privilege can perform the operation.

Manual entry or update of a constraint column value requires that the user have the OVERRIDE privilege to bypass the automatic use (by the enforcing UDF) of the current_session parameter to set the constraint column value.

Users who perform load/export jobs may need OVERRIDE privileges to ensure that they can access all rows required to complete a load/export operation.

You can grant OVERRIDE privileges to users to bypass enforcement of RLS constraints. OVERRIDE privileges can apply to:

  • A database, table, or column
  • Some or all SQL DML operation types
  • Some or all ARC operation types
  • Some or all security constraints
  • One or more users, roles, or external roles
The granting user must have the system level CONSTRAINT ASSIGNMENT privilege.
OVERRIDE privileges take effect at the next user request after they are granted/revoked.