Teradata 13.

0 Role Administration Lab#22

Description: BISP is committed to provide BEST learning material to the beginners and advance learners. In the same series, we have prepared a complete end-to end Hands-on Guide for building financial data model in Teradata. The document focuses on how to create Role and associate with users. Join our professional training program and learn from experts.

History: Version Description Change Author 0.1 Initial Draft Anil Tekam Aug 2011 0.1 Review#1 Amit Sharma

Publish Date 12th 18th Aug 2011

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 1

Introduction
This is one of our document of creating Role. In this document, we have defined how we can create Role and what the purpose of creating the role.

Objective Create New Role in Teradata Administration. Summary In this example, We create the new Role. We have use the
Teradata Administration for creating the Role and Granting the access right. After creating the Role, we assign this Role in particular User. For this we have modify the User and then we have selected the Role. We can use only some privileges in this User, which has granted in Role.

Create New Role This is the Create Role Script. When we give the Role
Name and click on 'Create' button, Role will be created.

Creating Role Role In V2R5 version of Teradata, Role has include. But earlier version of Teradata there was no Role option. A Role is simply collection of the access rights. When we grant the rights of the Role then the right to use the Role is granted to the users. There are many ways to restrict a user's access to database objects. They are Access rights and Roles of the Users.
www.bispsolutions.com www.bisptrainings.com | | www.hyperionguru.com Page 2 |

To build a safe and secure environment we must protects our objects. Role is very useful option for protecting our objects. When we create the Role and after creating the Role we can grant the access rights of this Role, which is created. After granting the access rights of Role, we can give the Role to any new user, which we are creating. After giving the Role of User, now User can use only those rights, which we have granted in our Role. Limitations of Roles:We cannot grant the following privileges to roles : 1.) CREATE ROLE 2.) DROP ROLE 3.) CREATE PROFILE 4.) DROP PROFILE 5.) CREATE USER 6.) DROP USER We cannot grant WITH GRANT OPTION. That's why the member of role do not have the ability to grant any of the privileges it contains to other Users. The WITH ADMIN OPTION, which can only be granted to a Role, is not equivalent to the WITH GRANT OPTION. The WITH ADMIN OPTION allows the grantee to DROP the Role, Grant the Role to other user.

Syntax of Creating and Granting New Role:- This is the first statement and we use it for Creating New Role. 1.) CREATE ROLE rolename; - After executing the first statement, we come to second statement. After creating the Role we give the privileges of this Role, which has created. 2.) GRANT SELECT, EXECUTE ON EMP_TABLE TO rolename; - After executing the second statement, we come to the third statement. Now we assign the Role to particular User. 3.) GRANT rolename TO username; With the help of this these three statement, we can create and assign the Role to USER or multiple USER.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 3

Task :- In this task we will work on this following points1.) We add the Database in User 2.) We write the SQL query and execute this SQL query. 3.) If SQL query executed then we don't give or assign any Role and if SQL query does not execute Then we assign the Role. Step#1:- We add the FINANCIAL database in this DSN (DSN_DBA). (Right Click (in Database Explorer window)---> select the Add Database option)

Step#2:- Database has added in our Data Source.

Step#3:-Now we will search the data in our default database. In this database some tables are already created. We will search the records from those tables.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 4

Note:- Table is there in FINANCIAL database but this time we are not able to access the data from this table. So it's giving the error i.e. The User does not have SELECT access to FINANCIAL database table. For giving some privileges access on this tables, we will create the Role for this td_dba User.

STEPS TO CREATE ROLE

Step #1 For define the Role of any particular User, we will create the Role. Now we select the tdadmin data source name because we will create a Role in this Data Source. (First, we click on connect button---> after that Data Source window open)

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 5

Step #2:- After click on 'OK' button, we successfully connected to the our main User DSN. Now we will create the Role in SQL developer window.

Step #3:- Now we give some Grant access of this Role. For granting the Role, we write another SQL query in SQL developer window for.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 6

Step #4:- Now we assign this Role (ROLE_FIN) to a single User. This grant access only used by this particular User. Other Users cannot use this grant access.

Note:- Now Role has successfully created and we have assigned Role to particular User. We have given some privileges of this User. Now user can use this privileges, it cannot use any other privileges. Step #5:- Now we have to do some changes in our User, which has created. We are showing the User, in which we want to be apply this Role (ROLE_FIN). 1.) We open the Teradata Administration 13.0 and click on connect button.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 7

2.) Data Source window open. We select the tdadmin option from this DSN list and click on OK button.

3.) Now we have successfully connected to the tdadmin. Now from the Users and Database list, we select the those User, which we want to be apply the Role.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 8

4.) Select the User and then we click on Tools option. From Tools we select the Modify User option.

Step #6:- After selecting the Modify User option, Modify User window open. We have done some changes in this td_dba user. We have selected the Role name from Default Role option and also we do changes the Default Database name.
www.bispsolutions.com www.bisptrainings.com | | www.hyperionguru.com Page 9 |

After that, first we click on Release Lock option because this option release all the locks which was currently applied. After that it give the message i.e. User has modified.

Step #7:-Now we click on Modify option. After selecting this option, User has successfully modified. Now the Role has applied on this User.

Step #8:- Now we open the SQL developer window and click on connect button. After that Data Source window open. From this window, we select the Data Source Name, which we applied the current Role.
www.bispsolutions.com www.bisptrainings.com | | www.hyperionguru.com Page 10 |

Step #9:- After selecting this Data Source Name and click on 'OK' button, we have successfully logon in this User DSN.

Step #10:- Now we will write the SQL select in this window. This SQL query returns the output of particular table, which we have written in SQL query.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 11

Step #11:- Now we will try to insert some record in particular database table. For this we will write the INSERT query and execute it. After executing the query one row has inserted.

Step #12:- Now we want to check the records of the table, which we have inserted one row.
www.bispsolutions.com www.bisptrainings.com | | www.hyperionguru.com Page 12 |

Step #13:- Now if we want to delete some records, then we will write the DELETE command in SQL window and then we check this command will work or not because we are accessing only those SQL QUERY which is granted in Role. This Delete command privilege we haven't give in our Role. If this command execute successfully then the Role is not granted to user and if this delete command not execute then it means that Role is successfully granted in user.

Note:- Delete command have not worked because we have given only two privileges of this USER i.e. SELECT and INSERT privileges.

www.bispsolutions.com www.bisptrainings.com

| |

www.hyperionguru.com Page 13