Teradata MCP Server

sec_rolePermissions

Retrieve and analyze role permissions in Teradata databases to manage access control and security settings.

Instructions

Get permissions for a role.

Arguments: role_name - role name to analyze

Returns: ResponseType: formatted response with query results + metadata

Input Schema

TableJSON Schema

Name	Required	Description	Default
`role_name`	Yes

Implementation Reference

src/teradata_mcp_server/tools/sec/sec_tools.py:52-148 (handler)

The handler function that implements the core logic of the 'sec_rolePermissions' tool. It executes a SQL query to fetch permissions for the given role from DBC.RoleMembers and DBC.AllRoleRights views, maps access rights to human-readable names, formats the results as JSON, and returns a response with metadata.

def handle_sec_rolePermissions(conn: TeradataConnection, role_name: str, *args, **kwargs):
    """
    Get permissions for a role.

    Arguments:
      role_name - role name to analyze

    Returns:
      ResponseType: formatted response with query results + metadata
    """
    logger.debug(f"Tool: handle_sec_rolePermissions: Args: role_name: {role_name}")

    with conn.cursor() as cur:
        if role_name == "":
            logger.debug("No role_name argument provided")
            data = rows_to_json(None, [])
        else:
            logger.debug(f"Argument provided: {role_name}")
            rows = cur.execute(f"""
                SELECT RN.Grantee
                    ,ARR.DatabaseName
                    ,ARR.AccessRight
                    ,CASE
                            WHEN ARR.AccessRight = 'AE' THEN 'ALTER EXTERNAL PROCEDURE'
                            WHEN ARR.AccessRight = 'AF' THEN 'ALTER FUNCTION'
                            WHEN ARR.AccessRight = 'AP' THEN 'ALTER PROCEDURE'
                            WHEN ARR.AccessRight = 'AS' THEN 'ABORT SESSION'
                            WHEN ARR.AccessRight = 'CA' THEN 'CREATE AUTHORIZATION'
                            WHEN ARR.AccessRight = 'CD' THEN 'CREATE DATABASE'
                            WHEN ARR.AccessRight = 'CE' THEN 'CREATE EXTERNAL PROCEDURE'
                            WHEN ARR.AccessRight = 'CF' THEN 'CREATE FUNCTION'
                            WHEN ARR.AccessRight = 'CG' THEN 'CREATE TRIGGER'
                            WHEN ARR.AccessRight = 'CM' THEN 'CREATE MACRO'
                            WHEN ARR.AccessRight = 'CO' THEN 'CREATE PROFILE'
                            WHEN ARR.AccessRight = 'CP' THEN 'CHECKPOINT'
                            WHEN ARR.AccessRight = 'CR' THEN 'CREATE ROLE'
                            WHEN ARR.AccessRight = 'CT' THEN 'CREATE TABLE'
                            WHEN ARR.AccessRight = 'CU' THEN 'CREATE USER'
                            WHEN ARR.AccessRight = 'CV' THEN 'CREATE VIEW'
                            WHEN ARR.AccessRight = 'D'  THEN 'DELETE'
                            WHEN ARR.AccessRight = 'DA' THEN 'DROP AUTHORIZATION'
                            WHEN ARR.AccessRight = 'DD' THEN 'DROP DATABASE'
                            WHEN ARR.AccessRight = 'DF' THEN 'DROP FUNCTION'
                            WHEN ARR.AccessRight = 'DG' THEN 'DROP TRIGGER'
                            WHEN ARR.AccessRight = 'DM' THEN 'DROP MACRO'
                            WHEN ARR.AccessRight = 'DO' THEN 'DROP PROFILE'
                            WHEN ARR.AccessRight = 'DP' THEN 'DUMP'
                            WHEN ARR.AccessRight = 'DR' THEN 'DROP ROLE'
                            WHEN ARR.AccessRight = 'DT' THEN 'DROP TABLE'
                            WHEN ARR.AccessRight = 'DU' THEN 'DROP USER'
                            WHEN ARR.AccessRight = 'DV' THEN 'DROP VIEW'
                            WHEN ARR.AccessRight = 'E'  THEN 'EXECUTE'
                            WHEN ARR.AccessRight = 'EF' THEN 'EXECUTE FUNCTION'
                            WHEN ARR.AccessRight = 'GC' THEN 'CREATE GLOP'
                            WHEN ARR.AccessRight = 'GD' THEN 'DROP GLOP'
                            WHEN ARR.AccessRight = 'GM' THEN 'GLOP MEMBER'
                            WHEN ARR.AccessRight = 'I'  THEN 'INSERT'
                            WHEN ARR.AccessRight = 'IX' THEN 'INDEX'
                            WHEN ARR.AccessRight = 'MR' THEN 'MONITOR RESOURCE'
                            WHEN ARR.AccessRight = 'MS' THEN 'MONITOR SESSION'
                            WHEN ARR.AccessRight = 'NT' THEN 'NONTEMPORAL'
                            WHEN ARR.AccessRight = 'OD' THEN 'OVERRIDE DELETE POLICY'
                            WHEN ARR.AccessRight = 'OI' THEN 'OVERRIDE INSERT POLICY'
                            WHEN ARR.AccessRight = 'OP' THEN 'CREATE OWNER PROCEDURE'
                            WHEN ARR.AccessRight = 'OS' THEN 'OVERRIDE SELECT POLICY'
                            WHEN ARR.AccessRight = 'OU' THEN 'OVERRIDE UPDATE POLICY'
                            WHEN ARR.AccessRight = 'PC' THEN 'CREATE PROCEDURE'
                            WHEN ARR.AccessRight = 'PD' THEN 'DROP PROCEDURE'
                            WHEN ARR.AccessRight = 'PE' THEN 'EXECUTE PROCEDURE'
                            WHEN ARR.AccessRight = 'R'  THEN 'SELECT'
                            WHEN ARR.AccessRight = 'RF' THEN 'REFERENCE'
                            WHEN ARR.AccessRight = 'RO' THEN 'REPLCONTROL'
                            WHEN ARR.AccessRight = 'RS' THEN 'RESTORE'
                            WHEN ARR.AccessRight = 'SA' THEN 'SECURITY CONSTRAINT ASSIGNMENT'
                            WHEN ARR.AccessRight = 'SD' THEN 'SECURITY CONSTRAINT DEFINITION'
                            WHEN ARR.AccessRight = 'SH' THEN 'SHOW'
                            WHEN ARR.AccessRight = 'SR' THEN 'SET RESOURCE RATE'
                            WHEN ARR.AccessRight = 'SS' THEN 'SET SESSION RATE'
                            WHEN ARR.AccessRight = 'ST' THEN 'STATISTICS'
                            WHEN ARR.AccessRight = 'TH' THEN 'CTCONTROL'
                            WHEN ARR.AccessRight = 'U'  THEN 'UPDATE'
                            ELSE 'Unknown'
                        END AS AccesRightText
                FROM DBC.RoleMembers AS RN
                INNER JOIN DBC.AllRoleRights AS ARR
                    ON RN.RoleName = ARR.RoleName
                WHERE RN.Grantee = '{role_name}'
                GROUP BY 1, 2, 3, 4
                ORDER BY 1, 2, 3, 4;""")
            data = rows_to_json(cur.description, rows.fetchall())
        metadata = {
            "tool_name": "sec_rolePermissions",
            "argument": role_name,
            "num_permissions": len(data)
        }
        logger.debug(f"Tool: handle_sec_rolePermissions: metadata: {metadata}")
        return create_response(data, metadata)

src/teradata_mcp_server/app.py:270-281 (registration)

Dynamic registration code that discovers handle_* functions (including handle_sec_rolePermissions) from loaded tool modules via ModuleLoader and registers them as MCP tools with auto-generated schemas from function signatures.

module_loader = td.initialize_module_loader(config)
if module_loader:
    all_functions = module_loader.get_all_functions()
    for name, func in all_functions.items():
        if not (inspect.isfunction(func) and name.startswith("handle_")):
            continue
        tool_name = name[len("handle_"):]
        if not any(re.match(p, tool_name) for p in config.get('tool', [])):
            continue
        wrapped = make_tool_wrapper(func)
        mcp.tool(name=tool_name, description=wrapped.__doc__)(wrapped)
        logger.info(f"Created tool: {tool_name}")

Tool Definition Quality

C2.6/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It mentions the tool 'Get permissions' and returns a 'formatted response with query results + metadata,' but lacks details on permissions needed, rate limits, error handling, or what 'metadata' entails. This is insufficient for a tool with no annotation coverage.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is brief and structured with clear sections for arguments and returns, avoiding unnecessary details. However, the 'Returns' section could be more informative, and the overall text is somewhat sparse, though not wasteful.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations, no output schema, and low schema coverage, the description is incomplete. It lacks details on behavioral traits, error cases, and the format of the 'formatted response,' making it inadequate for a tool that likely involves security or permissions data.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, but the description adds minimal value by specifying 'role_name - role name to analyze.' This clarifies the parameter's purpose slightly beyond the schema's title 'Role Name.' However, with only one parameter and low coverage, the description does not fully compensate, aligning with the baseline for minimal parameter info.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the purpose as 'Get permissions for a role,' which is a clear verb+resource combination. However, it does not differentiate from sibling tools like 'sec_userDbPermissions' or 'sec_userRoles,' leaving ambiguity about scope and specificity. The purpose is understandable but lacks distinction from related tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives such as 'sec_userDbPermissions' or 'sec_userRoles.' The description only states what it does without context, prerequisites, or exclusions, leaving the agent to infer usage scenarios.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/blitzstermayank/MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server