How to grant all required privileges retained by DBC to my new admin user?

Database
Enthusiast

How to grant all required privileges retained by DBC to my new admin user?

I created an administrative user "DBADMIN" from user DBC by following the standard best practice. The admin user will manager all the subsequent users and databases. However, I am not clear about the command to grant all required privileges retained by DBC to my new admin account.

The Teradata Administration document just mentioned "After using the GRANT...WITH OPTION statement to grant all required privileges retained by DBC to your new DBADMIN user (or whatever name you chose), log on as DBADMIN to create all your Teradata Database users and high-level databases." The document doesn't provide an example. I have many questions with this statement.

1. Is there just one command for grant all privileges? If yes, what is the command?

2. If I need to grant all required privileges one by one, what are the required privileges retained by DBC?

I also see "WITH ADMIN OPTION" in some examples. The examples just create a role and grant the role to admin user using "WITH ADMIN OPTION". How does it work? Following are the commands I use:


CREATE ROLE admin_role;

GRANT admin_role TO DBADMIN WITH ADMIN OPTION;

But this doesn't work at all. I can't create user as DBADMIN nor drop a database or a user.

Can someone help with some examples? Thanks.

1 REPLY
Teradata Employee

Re: How to grant all required privileges retained by DBC to my new admin user?

WITH ADMIN OPTION means you can grant role membership to or revoke role membership from other users (or roles), or DROP the role. But a role initially conveys no database rights, you have to GRANT some_database_permission TO rolename;

The Security Administration manual (available from http://www.info.teradata.com) has a typical example of the GRANTs for DBADMIN.