17.10 - Working with OS-Level Security Options - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

During installation of Teradata Vantage, the system automatically creates the following default OS-level security structure.

Default User or Group Description
Users
teradata Advanced SQL Engine runs as the teradata user, which is a member of the tdtrusted group.
tdatuser Runs UDFs in protected mode and is a member of the tdatudf group.
Groups
tdtrusted Has permission to run OS-level processes and utilities, and provides this permission to member users:
  • teradata (created by default to run the database)
  • Other administrative users that you create who require OS-level access, for example, to run utilities or change the TDGSS configuration.
Although you can run OS-level utilities and processes as root, Teradata recommends that for secure operation you severely limit root access and create individual administrative user accounts in the tdtrusted group to run Teradata utilities and other OS-level functions.

For information on starting utilities that need OS-level of access, see Teradata Vantage™ - Database Utilities, B035-1102.

tdatudf Has permission to run UDFs in protected mode and provides this permission to member users:
  • tdatuser (created by default)
  • Other users you create who need to run UDFs in secure mode
Although most OS-level tasks can be run by the users defined in the table above, you must use root access to:
  • Install a new version of Teradata Vantage or Advanced SQL Engine
  • Start the database when it is down

If your site security policy requires an alternative OS-level access strategy, contact your Teradata Customer Service representative for assistance.