Limitations on Using Roles - Advanced SQL Engine - Teradata Database

Security Administration
Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

You cannot grant certain privileges to a role:

  • CREATE ROLE
  • DROP ROLE
  • CREATE PROFILE
  • DROP PROFILE
  • CREATE USER
  • DROP USER
  • CTCONTROL
  • OVERRIDE privileges
  • WITH GRANT OPTION (membership in a role cannot confer the ability to grant any of the privileges it contains to other users or roles)
Instead of WITH GRANT OPTION, you should use WITH ADMIN OPTION for roles. A user granted WITH ADMIN OPTION on a role can:
  • Drop the role
  • Grant the role to other users and roles
  • Grant the role to another user with the WITH ADMIN OPTION
  • Revoke the role from a grantee

WITH ADMIN OPTION does not provide the ability to grant or revoke privileges to or from the role or to any members of the role.