17.10 - High-Level Process for Trusted Sessions - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - SQL Data Definition Language Detailed Topics

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Programming Reference
Publication ID
B035-1184-171K
Language
English (United States)

The following event sequence outlines the general process stages undertaken to use a trusted session.

  1. The security administrator creates CONNECT THROUGH privileges for an appropriate trusted_user:permanent | application_user pair using a GRANT CONNECT THROUGH request (see Teradata Vantage™ - SQL Data Control Language, B035-1149).
  2. The middle tier application creates a connection pool to Vantage.
  3. The application end user authenticates itself to the middle tier application and requests a service to submit a query to Vantage.

    The method by which the application end user authenticates itself to the middle tier application is not described here because its authentication is the responsibility of the application, not of Vantage.

  4. The middle tier application establishes a connection within the connection pool.
  5. The middle tier application sets the active session identity and role for the application end user by submitting an appropriate SET QUERY_BAND request to Vantage.
  6. Vantage verifies the application end user has been granted trusted session access through the middle tier application database connection.
  7. The middle tier application submits an SQL request to Vantage on behalf of the application end user.
  8. Vantage verifies the privileges for the request based on the active roles defined for the application end user.
  9. Vantage returns the result set to the middle tier application, which then forwards the result set to the application end user.
  10. Vantage records the identity of the application end user in any rows inserted into Access Log and Database Query Log tables as appropriate.
    IF the end user makes its connection as this kind of proxy user … THEN its identity is logged using this name as specified for the CONNECT THROUGH privilege used to make the trusted session …
    application application name.
    permanent permanent user name.

    See Teradata Vantage™ - SQL Data Control Language, B035-1149 for the definitions of application and permanent users.

  11. The middle tier application returns the connection it had withdrawn to the connection pool.
  12. The following housekeeping activities occur when either the session is terminated or Vantage receives a Cleanup parcel (flavor 80).
    • The proxy user is discarded.
    • Any session query bands are discarded.
    • Any transaction query bands are discarded.