Role Administration (1)

7/28/2019 Role Administration (1)

1/13

Teradata 13.0Role Administration Lab#22

Description:BISP is committed to provide BEST learning material to the beginners and

advance learners. In the same series, we have prepared a complete end-to endHands-on Guide for building financial data model in Teradata. The document

focuses on how to create Role and associate with users. Join our professionaltraining program and learn from experts.

History:Version Description Change Author Publish Date0.1 Initial Draft Anil Tekam 12thAug 20110.1 Review#1 Amit Sharma 18th Aug 2011

www.bispsolutions.com | www.hyperionguru.com |www.bisptrainings.com | Page 1


2/13

Introduction

This is one of our document of creating Role. In this document,

we have defined how we can create Role and what the purpose of creating the

role.

ObjectiveCreate New Role in Teradata Administration.

Summary In this example, We create the new Role. We have use theTeradata Administration for creating the Role and Granting the access right.

After creating the Role, we assign this Role in particular User. For this we have

modify the User and then we have selected the Role. We can use only some

privileges in this User, which has granted in Role.

Create New Role This is the Create Role Script. When we give the RoleName and click on 'Create' button, Role will be created.

Creating Role

Role In V2R5 version of Teradata, Role has include. But earlier version of

Teradata there was no Role option. A Role is simply collection of the access

rights. When we grant the rights of the Role then the right to use the Role is

granted to the users. There are many ways to restrict a user's access to

database objects. They are Access rights and Roles of the Users.



3/13

To build a safe and secure environment

we must protects our objects. Role is very useful option for protecting our

objects. When we create the Role and after creating the Role we can grant the

access rights of this Role, which is created. After granting the access rights of

Role, we can give the Role to any new user, which we are creating. After giving

the Role of User, now User can use only those rights, which we have granted in

our Role.

Limitations of Roles:-

We cannot grant the following privileges to roles :

1.) CREATE ROLE

2.) DROP ROLE

3.) CREATE PROFILE

4.) DROP PROFILE

5.) CREATE USER

6.) DROP USER

We cannot grant WITH GRANT OPTION. That's why the member of role do not

have the ability to grant any of the privileges it contains to other Users. The

WITH ADMIN OPTION, which can only be granted to a Role, is not equivalent to

the WITH GRANT OPTION. The WITH ADMIN OPTION allows the grantee to DROP

the Role, Grant the Role to other user.

Syntax of Creating and Granting New Role:-

- This is the first statement and we use it for Creating New Role.

1.) CREATE ROLE rolename;

- After executing the first statement, we come to second statement. After

creating the Role we give the privileges of this Role, which has created.

2.) GRANT SELECT, EXECUTE ON EMP_TABLE TO rolename;

- After executing the second statement, we come to the third statement. Now

we assign the Role to particular User.

3.) GRANT rolename TO username;

With the help of this these three statement, we can create and assign the Roleto USER or multiple USER.



4/13

Task :- In this task we will work on this following points-

1.) We add the Database in User

2.) We write the SQL query and execute this SQL query.

3.) If SQL query executed then we don't give or assign any Role and if SQL

query does not execute Then we assign the Role.

Step#1:- We add the FINANCIAL database in this DSN (DSN_DBA).

(Right Click (in Database Explorer window)---> select the Add Database option)

Step#2:- Database has added in our Data Source.

Step#3:-Now we will search the data in our default database. In this database

some tables are already created. We will search the records from those tables.



5/13

Note:- Table is there in FINANCIAL database but this time we are not able to

access the data from this table. So it's giving the error i.e. The User does not

have SELECT access to FINANCIAL database table. For giving some privilegesaccess on this tables, we will create the Role for this td_dba User.

STEPS TO CREATE ROLE

Step #1 For define the Role of any particular User, we will create the Role. Now

we select the tdadmin data source name because we will create a Role in this

Data Source.

(First, we click on connect button---> after that Data Source window open)



6/13

Step #2:- After click on 'OK' button, we successfully connected to the our main

User DSN. Now we will create the Role in SQL developer window.

Step #3:- Now we give some Grant access of this Role. For granting the Role,

we write another SQL query in SQL developer window for.



7/13

Step #4:- Now we assign this Role (ROLE_FIN) to a single User. This grant

access only used by this particular User. Other Users cannot use this grant

access.

Note:- Now Role has successfully created and we have assigned Role to

particular User. We have given some privileges of this User. Now user can use

this privileges, it cannot use any other privileges.

Step #5:- Now we have to do some changes in our User, which has created.

We are showing the User, in which we want to be apply this Role (ROLE_FIN).

1.) We open the Teradata Administration 13.0 and click on connect button.



8/13

2.) Data Source window open. We select the tdadmin option from this DSN listand click on OK button.

3.) Now we have successfully connected to the tdadmin. Now from the Users

and Database list, we select the those User, which we want to be apply the

Role.



9/13

4.) Select the User and then we click on Tools option. From Tools we select the

Modify User option.

Step #6:- After selecting the Modify User option, Modify User window open. We

have done some changes in this td_dba user. We have selected the Role name

from Default Role option and also we do changes the Default Database name.



10/13

After that, first we click on Release Lock option because this option release all

the locks which was currently applied. After that it give the message i.e. User

has modified.

Step #7:-Now we click on Modify option. After selecting this option, User has

successfully modified. Now the Role has applied on this User.

Step #8:- Now we open the SQL developer window and click on connect

button. After that Data Source window open. From this window, we select the

Data Source Name, which we applied the current Role.



11/13

Step #9:- After selecting this Data Source Name and click on 'OK' button, we

have successfully logon in this User DSN.

Step #10:- Now we will write the SQL select in this window. This SQL query

returns the output of particular table, which we have written in SQL query.



12/13

Step #11:- Now we will try to insert some record in particular database table.

For this we will write the INSERT query and execute it. After executing the query

one row has inserted.

Step #12:- Now we want to check the records of the table, which we have

inserted one row.



13/13

Step #13:- Now if we want to delete some records, then we will write theDELETE command in SQL window and then we check this command will work or

not because we are accessing only those SQL QUERY which is granted in Role.

This Delete command privilege we haven't give in our Role. If this command

execute successfully then the Role is not granted to user and if this delete

command not execute then it means that Role is successfully granted in user.

Note:- Delete command have not worked because we have given only two

privileges of this USER i.e. SELECT and INSERT privileges.


Role Administration (1)

Documents

Transcript of Role Administration (1)