16.10 - Using Logging to Monitor Zones - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

Logging syntax within zones, including BEGIN LOGGING, END LOGGING, BEGIN QUERY LOGGING, REPLACE QUERY LOGGING, END QUERY LOGGING, and SHOW QUERY LOGGING, is unchanged. Logging and query logging privileges within zones are the same as those for non-zone query logging.

Zone DBAs can use zone-level logging to monitor their zones and can use zone-level query logging to monitor the queries of the users in their zones. Non-zone users other than the DBC user cannot enable query logging on objects across all zones unless they have the ZONE OVERRIDE privilege.

The Teradata DBC user has access to all dictionary data in the database without any zone restrictions. If other users from outside a zone need to collect system-wide dictionary data, the DBC user must grant them the ZONE OVERRIDE privilege. The DBC user receives the ZONE OVERRIDE privilege during system initialization and can grant this privilege, without the WITH GRANT OPTION privilege, to other users. This privilege applies to dictionary table and view access only; it does not apply to data table access.

For information about using GRANT ZONE OVERRIDE and REVOKE ZONE OVERRIDE, see SQL Data Control Language.