Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Tue, 21 Nov 2006 @ 18:26:01 GMT


     
  <Prev Next>   <<First <Prev Next> Last>>  


Subj:   Re: Grant Option Cannot be Granted to a Role
 
From:   Fred W Pluebell

Create an "all powerful" admin dummy user and under that ID create SPs that use dynamic SQL to do other GRANTs. Grant the "DBA role" EXECUTE PROCEDURE on the admin SPs. (Security admin may want to REVOKE LOGON from this admin dummy user once it's all set up, but would have to GRANT LOGON temporarily if you needed to change the SPs later.)

The SP logic can help enforce other policy rules, e.g. don't GRANT ... WITH GRANT OPTION. Also, this approach allows DBAs to grant roles / rights without having to hold those rights themselves.



     
  <Prev Next>   <<First <Prev Next> Last>>  
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023