16.10 - Creating and Dropping External Roles - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can specify EXTERNAL ROLE in the standard CREATE/DROP ROLE syntax to create external roles for directory users. The user that executes a CREATE/DROP EXTERNAL ROLE statement must have CREATE ROLE and DROP ROLE privileges. For example:

CREATE EXTERNAL ROLE  ext_role_name;

or

DROP EXTERNAL ROLE  ext_role_name;
If you drop a database role while including EXTERNAL in the syntax, or dropping an external role without including the EXTERNAL term, the system returns an error, for example:
DROP EXTERNAL ROLE dbrole;
Failure 5933: Role being dropped is not an external role

DROP ROLE extrole;
Failure 5934: Role being dropped is an external role

The system records external roles in the data dictionary, along with database roles, but when you map an external role to a directory user, the system does not insert a row in DBC.RoleGrants.

The method for granting privileges to an external role is similar to granting privileges to a database role. See Creating Roles.