Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Teradata RDBMS Database Administration - NCR

NCR Teradata RDBMS Database Administration - NCR , 2004. - 616 p.
Download (direct link): teradatadatabaseadmin2004.pdf
Previous << 1 .. 67 68 69 70 71 72 < 73 > 74 75 76 77 78 79 .. 218 >> Next


This means that new users can immediately create tables and other data objects, including views, macros, indexes, and triggers, in their own space. However, you must explicitly grant to new users:

CREATE DATABASE and CREATE USER privileges, even to create a database or user in their own space

CREATE PROCEDURE privilege, even to create stored procedures in their own space

EXECUTE PROCEDURE privilege to execute stored procedures they did not create, even if the procedures are in their own space

Appropriate access rights for any target object they need to access that is not in their own space

CREATE ROLE and/or CREATE PROFILE privilege, in order to create new roles or profiles

The privileges you might want to explicitly grant to new users includes: __ I

IF you want to grant a user the right to . THEN use .
create other databases or users GRANT CREATE USER, CREATE DATABASE TO username; Users who have been granted a CREATE privilege implicitly gain creator privileges, such as MODIFY and DROP, on any object they create. If the created object is a role, implicit creator privileges include the WITH ADMIN OPTION, allowing the creator to grant that role to users and other roles. Ownership privileges on the object are implicitly granted to the owner of the space in which the new object resides or from which the object was created.
grant access privileges on objects he or she creates to other users the WITH GRANT OPTION clause in the GRANT statement; for example: GRANT CREATE USER, CREATE DATABASE TO username WITH GRANT OPTION;
create roles GRANT CREATE ROLE TO username;
create roles and grant them to other users and roles GRANT CREATE ROLE TO username; The WITH ADMIN OPTION is implicitly granted to the creator of a role, allowing that creator to grant the role to users and other roles.

5 - 10 Teradata RDBMS Database Administration

Chapter 5: Setting Up Users, Profiles, Accounts and Accounting

Implementing Roles and Profiles

IF you want to grant a user the right to . THEN use .
create roles and grant the CREATE ROLE privilege to other users GRANT CREATE ROLE TO username WITH GRANT OPTION; Note: Creator privileges do not include the right to assign a default role or profile to a user.
assign to other users a role that he or she did not create grant to the user that role, and include the WITH ADMIN OPTION: GRANT rolename TO username WITH ADMIN OPTION;
create profiles GRANT CREATE PROFILE TO username;
assign a default profile see "MODIFY USER Statement" on page 5-10.
create stored procedures in his or her own space GRANT CREATE PROCEDURE TO username; The creator of a stored procedure automatically gains EXECUTE PROCEDURE and DROP PROCEDURE privileges on the created procedure. The creator must have every necessary privilege, each granted with the WITH GRANT OPTION, to process the SQL statements and access the target objects in the procedure body.
execute a stored procedure that he or she did not create To that user, the statement: GRANT EXECUTE PROCEDURE TO username; To the immediate owner of the stored procedure, every privilege, each including the WITH GRANT OPTION, needed to process the SQL statements and access the target objects in the procedure body.

For more information on:

The creation, assignment, and default values of roles and profiles, see "Implementing Roles and Profiles" on page 5-12.

The creation, execution, application, and recompilation of stored procedures, see "Stored Procedures" in Teradata RDBMS SQL Reference, Volume 6.

MODIFY USER Statement

MODIFY USER lets you to change the options of an existing user. For example, use MODIFY USER to reset a password for a user who has forgotten theirs.

Note: Profile definitions override user definitions. If you need to change the TEMP, SPOOL, ACCOUNT, and/or DATABASE options for a user who has a profile, use the MODIFY PROFILE statement.

5 - 10 Teradata RDBMS Database Administration Chapter 5: Setting Up Users, Profiles, Accounts and Accounting

Implementing Roles and Profiles

The access rights depend on what user is being modified and what parameters are being changed:

You need the DROP USER privilege to use MODIFY USER on any user except yourself.

You need the DROP USER privilege on yourself in order to change the following definitions with MODIFY USER:

- RELEASE PASSWORD LOCK

- PERM

- ACCOUNT

- TEMP

- SPOOL

- PROFILE (plus the DROP PROFILE privilege)

You do not need any privileges to change your own user definitions for:

- PASSWORD

- STARTUP

- JOURNAL

- AFTER JOURNAL

- DEFAULT JOURNAL TABLE

- DROP DEFAULT JOURNAL TABLE

- FALLBACK

- COLLATION

- DEFAULT DATABASE

- DEFAULT ROLE |

- TIMEZONE

- DATEFORM

- DEFAULT CHARACTER SET

5 - 10 Teradata RDBMS Database Administration

Chapter 5: Setting Up Users, Profiles, Accounts and Accounting

Implementing Roles and Profiles

Implementing Roles and Profiles
Previous << 1 .. 67 68 69 70 71 72 < 73 > 74 75 76 77 78 79 .. 218 >> Next