Teradata Redundant AccessRights – More Housekeeping!

2
449
AMP

teradataGuest Post

As any experienced Teradata DBA will tell you there are some tables in the Teradata dictionary (DBC) that need housekeeping. But some customer sites that I have worked with ignore table DBC.AccessRights.

If you have ever analyzed this table on a Teradata system, you will almost certainly spot two things very quickly.

  1. For a non-history table, it can contain lots of rows
  2. It is very skewed.
As this is a system table you cannot affect the table definition, so reducing the skew is not a case of simply changing the Primary Index, but as with all skewed tables, if you can reduce the number of rows then the skew will typically reduce.

Further analysis of the content of this table will usually show that a lot of the rows are ‘redundant.’  By that I mean the situation where a user has a particular Access Right at the object level (say SELECT on a table), and they also have the same Access Right at the database level. Therefore the object level Access Right serves no purpose because even without it the user can SELECT from the table.

Housekeeping this table can have significant effects: one customer where a process was implemented reduced the row count by @40% which then also helped with parsing CPU consumption.

To effectively housekeep this table some best practices have to be put into place:

  1. The regular batch process to identify and remove redundant Access Rights.
  2. Use Roles instead of direct grants of Access rights to users.
  3. Prevent the use of DROP/CREATE staging tables by ETL processes (see my article “DELETE, don’t DROP”).
As a side note, the impact of skewing in this table should be reduced in TD 15.00 because the table now has a PPI on it, but the above steps will still help.

Our Reader Score
[Total: 3    Average: 3.7/5]
Teradata Redundant AccessRights – More Housekeeping! written by David Wellman on March 31, 2015 average rating 3.7/5 - 3 user ratings

2 COMMENTS

  1. Sure you are allowed to comment your own post.

    I use the approach of cleaning the AccessRights table on a huge site where we have 1:1 views in a database pointing to all the existing tables in our data warehouse. This simplifies access as you don’t have to qualify the database for each table, but it causes huge skewing. We ended up with parsing times up to some seconds because of redundant rights!

    Nevertheless, as you mentioned, we have to be careful when cleaning up the Access Rights table. I experienced missing permission with Stored Procedues depending on their user context (CALLER, OWNER, USER).

  2. Although not specifically mentioned above, you can also get potential redundant Access Rights when a user has an Access Right granted directly to them and also in a Role that they are a member of. You have to be a bit careful about removing such Access Rights, but it is at least worth reporting on them.

    (P.S. Am I allowed to comment on my own post?)

LEAVE A REPLY

Please enter your comment!
Please enter your name here