Archives of the TeradataForum
Message Posted: Tue, 29 Dec 2009 @ 23:37:48 GMT
| Subj: | | Re: Managing User Roles |
| |
| From: | | Campbell, William Dennis |
The idea of roles is to minimize the number of times privileges are granted, that is, grant to a few roles instead of many users. The preferred
solution is to restrict most user privileges to accessing views of the data rather than to base tables. Construct one or more "Views" databases as
required to contain individual views related to department or job function. There should be some commonality of required views that would limit
the number of roles needed by most users.
However, if you don't start with properly segregated views (by department or job function) you're going to have a hard time limiting the number
of roles. Or maybe the users have really convoluted job descriptions and actually need four roles each...
The more roles you create, the more precise you can be in providing privileges to member users. But how much precision do you really need?
The more planning you do at the database design stage, the fewer roles you're likely to need.
Dennis Campbell
Teradata Information Engineering
| 
