Archives of the TeradataForum
Message Posted: Thu, 20 May 2004 @ 17:50:39 GMT
I found some kind of 'security fail' about CREATE MACRO privilege. Not every user can create a macro in a system. Take a look in the <Data Definition Statement> manual reference.
You must have the CREATE MACRO privilege on the containing database or user in which the macro is to be created. The creator of a macro is automatically granted the DROP MACRO and EXECUTE privileges WITH GRANT OPTION on the macro.
Access to data via a macro is controlled by the access privileges of the macro owner, not by the privileges of its creator. This can be a security issue. See "GRANT (SQL Form)" on page 2-22 and to "Security Considerations With CREATE MACRO Privilege" on page 2-30 for details.
The user creating a macro must have the privileges for all statements to be performed by the macro. To allow other users to perform the macro, its creator must have the privileges necessary to perform each statement WITH GRANT OPTION.
Once a macro has been created, its owner is the database in which it exists, not the user who created it. The owning database must have all the appropriate privileges for executing the macro, including WITH GRANT OPTION.
The user who performs a macro need not be aware of the tables affected by its performance.
|Copyright 2016 - All Rights Reserved|
|Last Modified: 27 Dec 2016|