Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Thu, 18 Dec 2003 @ 09:54:58 GMT


     
  <Prev Next>   <<First <Prev
Next>
Last>>
 


Subj:   Re: Accessrights to execute a macro...
 
From:   Dieter Noeth

Hi Vivek,

  That's fine, infact very obvious from the error message itself that the access-right with grant option is needed. My question is why ? If the user could access dbc.tables through the SQL then why not through the macro without access-right with grant option. Is it because the macro which gets created by the user will not have access on dbc.tables as the user does not have access-right with grant option ? Although it sounds a bit weird to me but still that is the only guess I could make out.  



The reason is simple:

The creator of a view or a macro has all rights with grant option on it. So he could grant exec on that macro to any other user even without having grant option on the base objects.

The security system checks for valid access rights:

- for the current user to exec the macro

- for the *owning* database (not the creator) on the base objects used by the macro/view


Dieter



     
  <Prev Next>   <<First <Prev
Next>
Last>>
 
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 23 Jun 2019