Middle-tier applications may stand between end users and Teradata Database, accepting requests from users, constructing queries from those requests, passing the queries to the database, and then returning results to the users. The middle-tier application logs on to the database, is authenticated as a permanent database user, and establishes a connection pool. The application then authenticates the individual application end users, some of whom may request access to the database through the connection pool.
By default, all end-users accessing the database through a middle-tier application are authorized database privileges and are audited in access logs, based on the single permanent database user identity of the application.
For sites that require end users to be individually identified, authorized, and audited, the middle-tier application can be configured to offer trusted sessions. Application end-users that access the database through a trusted session must be set up as proxy users and assigned one or more database roles, which determine their privileges in the database. When a proxy user requests database access, the application automatically forwards the user identity and applicable role information to the database.
For further information about the tasks required to set up trusted sessions and proxy users, see Teradata Vantageā¢ - Advanced SQL Engine Security Administration, B035-1100.