GRANT LOGON Statement | SQL Data Control Language | Teradata Vantage - 17.05 - GRANT LOGON - Teradata Database

Teradata Vantageā„¢ - SQL Data Control Language

prodname
Advanced SQL Engine
Teradata Database
vrm_release
17.00
17.05
created_date
June 2020
category
Programming Reference
featnum
B035-1149-170K
GRANT LOGON does either of the following:
  • Gives specific users permission to log on to the database from one or more specific client systems.
  • Changes the current system logon defaults.

Required Privileges

You must have the EXECUTE privilege on the DBC.LogonRule macro to perform GRANT LOGON.

Syntax

GRANT LOGON ON
  { host_id [,...] | ALL }
  { AS DEFAULT | { TO | FROM } user_name [,...] }
  [ WITH NULL PASSWORD ] [;]

Syntax Elements

host_id
A mainframe connection or a workstation network connection that is currently defined to the system by the hardware configuration data. The interface need not be operational.
You can define multiple host IDs per node.
The host ID for the system console is 0. For any other connector, the value for host_id ranges from 1 through 32,767.
ALL
Any source through which a logon is attempted, including the system console.
AS DEFAULT
The current default for the specified host_id set is to be changed, without residual conditions, as defined in this GRANT LOGON statement. A statement with AS DEFAULT has no effect on the access granted to or revoked from particular user names.
A statement that sets the default for a specific host_id takes precedence over a statement that sets the default for ALL client systems.
TO
FROM
The clause that specifies the recipient of the GRANT results.
user_name
One or more user names whose current system logon defaults are to be changed.
  • You cannot specify the name DBC as a user name in a GRANT LOGON statement. A statement that includes this name returns an error message.
  • The product of the number of host IDs times the number of user names cannot exceed 25.
WITH NULL PASSWORD
Permits a logon string that has no password to be accepted from the specified client system community.
The initial default is that all logon requests must include a password. The WITH NULL PASSWORD option, in conjunction with a TDP security exit procedure, negates that default.
This option implies that the user has been authenticated externally and not by the database. See Teradata Vantageā„¢ - Advanced SQL Engine Security Administration, B035-1100 for more information.