16.10 - Triggers - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

Creating or replacing a trigger does not grant trigger-related privileges to either the creator or the immediate owner of that trigger.

You cannot grant privileges on a trigger, only on the database or table to which the trigger applies.
To... the user must have the...
create a trigger
  • CREATE TRIGGER on both of the following:
    • The database in which the trigger is created
    • Either the subject table or its containing database
  • SELECT on any column referenced in a WHEN clause or a triggered SQL statement subquery
  • INSERT, UPDATE, or DELETE on the triggered SQL statement target table (depending on the triggered action).
  • the privileges that would normally be required to execute the individual triggered SQL statements
replace a trigger To replace a trigger you must have the following privileges:
  • DROP TRIGGER on the subject table or the database

    The exception is when you use REPLACE TRIGGER when no target trigger exists and you instead create a new trigger, in which case you need CREATE TRIGGER privilege on both of the following:

    • The database in which the trigger is created
    • Either the subject table or its containing database
  • SELECT on any column referenced in a WHEN clause or a triggered SQL statement subquery
  • Depending on the triggered SQL statement, INSERT, UPDATE, or DELETE on the triggered SQL statement target table
  • The privileges that would normally be required to execute the individual triggered SQL statements
drop a trigger DROP TRIGGER privilege on the subject table or the database containing the table
execute a trigger The privileges required for executing triggering statements

In addition, the immediate owner of the trigger must have:

  • CREATE TRIGGER on the subject table or the database containing the table.
  • SELECT on any column referenced in the WHEN clause of the CREATE TRIGGER statement, or any column in a triggered action statement that requires read access for the execution of the statement.