Authorization of Directory-Based Users | Teradata Vantage - Authorization of Directory-Based Users - Advanced SQL Engine - Teradata Database

Database Introduction

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
June 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
qia1556235689628.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1091
lifecycle
previous
Product Category
Teradata Vantageā„¢
After being authenticated by the directory, directory-based users are authorized database access privileges according to the following rules:
  • If the directory maps users to database objects (users, external roles, and profiles), each directory user is authorized the privileges of the objects to which it is mapped.
  • If the directory does not map users to database objects, but the directory username matches a database username, the directory user is authorized all the privileges belonging to the matching database user.
  • If a directory user is neither mapped to any database objects, nor does the directory username match a database username, the directory user has no privileges to access the database.
One or more setup tasks (depending on implementation) must be completed before a directory user can access the database. See Teradata Vantageā„¢ - Advanced SQL Engine Security Administration, B035-1100.