16.10 - Using Logging to Monitor Zones - Teradata Database

Teradata Database Security Administration

Teradata Database
June 2017

Logging syntax within zones, including BEGIN LOGGING, END LOGGING, BEGIN QUERY LOGGING, REPLACE QUERY LOGGING, END QUERY LOGGING, and SHOW QUERY LOGGING, is unchanged. Logging and query logging privileges within zones are the same as those for non-zone query logging.

Zone DBAs can use zone-level logging to monitor their zones and can use zone-level query logging to monitor the queries of the users in their zones. Non-zone users other than the DBC user cannot enable query logging on objects across all zones unless they have the ZONE OVERRIDE privilege.

The Teradata DBC user has access to all dictionary data in the database without any zone restrictions. If other users from outside a zone need to collect system-wide dictionary data, the DBC user must grant them the ZONE OVERRIDE privilege. The DBC user receives the ZONE OVERRIDE privilege during system initialization and can grant this privilege to other users, but without the WITH GRANT OPTION privilege. This privilege applies to dictionary table and view access only; it does not apply to data table access.

For information about using GRANT ZONE OVERRIDE and REVOKE ZONE OVERRIDE, see SQL Data Control Language.