GRANT ZONE Statement | SQL Data Control Language | Teradata Vantage - GRANT ZONE - Advanced SQL Engine

GRANT ZONE Statement | SQL Data Control Language | Teradata Vantage - GRANT ZONE - Advanced SQL Engine - Teradata Database

SQL Data Control Language

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

June 2020

Language

English (United States)

Last Update

2021-01-24

dita:mapPath

lmb1556233084626.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1149

lifecycle

Product Category

Teradata® Vantage™ NewSQLEngine

When using Teradata Secure Zones, grants access to a zone to users or roles that are not zone users.

GRANT ZONE does not automatically grant users access to database objects within the zone. A zone user must grant Discretionary Access Control privileges to zone guests before access is permitted.

Users and roles that are granted zone access using this syntax are called zone guests. Zone users must be created within the zone using the CREATE USER syntax.

Required Privileges

You must be the creator of the zone to use GRANT ZONE to create zone guests.

Restricted Privileges

Zone creators cannot use GRANT ZONE syntax to make themselves guests in a zone that they created.

Only zone users can grant privileges on database objects within the zone to zone guests, but zone users cannot grant privileges on zone objects to a zone guest using the WITH GRANT OPTION.

A zone guest cannot grant access to zone objects to other users.

Syntax

GRANT ZONE zone_name [,...] TO { user_name | role_name } [,...] [;]

Syntax Elements

zone_name: The name of the zone. You can specify up to 25 names in a comma-separated list.; The zone must already exist.
user_name
role_name: The name of the user or the role. You can specify up to 25 names in a comma-separated list.; Zone guests can only be users or roles. The users or roles must already exist outside the zone.; You cannot make a user or a role in another zone into a zone guest.