What are Teradata roles?

Roles serve to simplify rights management. A user assigned a role automatically has the same rights as the role.

What are the advantages of roles in Teradata compared to granting individual rights to users?

The assignment of rights is simplified.

An example: You define one role per department in your company. If a user changes the department, you don’t have to remove every right and assign all rights individually to the new department. You change the role of the user.

Do roles also offer performance benefits?

Because without the use of roles, all rights for each user must be stored in the DBC tables. The required rights are assigned to the role once, and only one single assignment is needed from the user to role per user. This results in less congestion on the DBC tables.

What is the syntax for creating a role?

CREATE ROLE DWHPRO_ADMIN;

How are rights assigned or revoked to a role?

For example, you can add read access:
GRANT SELECT ON Customer TO DWHPRO_ADMIN;
You can revoke read access like this:
REVOKE SELECT ON Customer FROM DWHPRO_ADMIN;

Can rolls be nested?

Roles can, in turn, be assigned to roles. In this way, the role inherits all rights of the superordinate role. Nesting can only take place on one level.

But: Nested roles negatively impact performance as permissions have to be collected from the DBC tables more complicatedly!

How can I grant a user the right to create or delete roles?

GRANT ROLE TO DWHPRO WITH GRANT OPTION;

This right can only be given to users, no databases or roles!

If a user has been assigned several roles, which one is active?

The active role can be selected with the following statement:

SET ROLE RoleA;

Should all roles be active simultaneously? This is the syntax:

SET ROLE ALL;

A default role that is used when a user logs on can be defined when creating/changing the user:

CREATE/MODIFY USER dwhpro … DEFAULT ROLE = DWHPRO_ADMIN;

Where can I see all existing roles?

In table DBC.RoleInfoV

Where can I see all existing role members?

In table DBC.RoleMembersV

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

You might also like

>