With Teradata V2R5, two new administration/security features are
introduced - roles and profiles.
introduced - roles and profiles.
• Roles and profiles simplify the management of users and access rights.
What is a “role”?
• A role is simply a collection of access rights.
–Rights are first granted to a role and the right to use the role is then granted to users.
• A DBA can create different roles for different job functions and responsibilities.
• Roles can help reduce the number of rows in the DBC.AccessRights table.
What is a “profile”?
• A profile is a set of common user parameters that can be applied to a group of users.
• A profile setting (e.g., SPOOL) can be changed with one command
and this new value is immediately applied to every assigned user.
and this new value is immediately applied to every assigned user.
Access Rights Issues (prior to Roles):
The problems:
---> Assume a customer has a large user base.
---> Assume that different users require different access rights on different objects - probably located in different databases.
–> Example: 300 different access rights for 10,000 users; this results in over 3 million access rights in the AccessRights table.
---> If users are not granted privileges to all of the objects within a database, then access rights have to be maintained for each object in the database.
---> If a user changes job functions, changing access rights can become tedious.
Prior to Teradata V2R5, possible solutions were ...
- Place users into different parent databases based on their access right requirements.
–> Use the ALL option of the GRANT statement to grant rights on the shared object(s) to a parent database.
0 comments:
Post a Comment