Working with OS-Level Security Options - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

During installation of Teradata Vantage, the system automatically creates the following default OS-level security structure.

Default User or Group Description
Users
teradata Advanced SQL Engine runs as the teradata user, which is a member of the tdtrusted group.
tdatuser Runs UDFs in protected mode and is a member of the tdatudf group.
Groups
tdtrusted Has permission to run OS-level processes and utilities, and provides this permission to member users:
  • teradata (created by default to run the database)
  • Other administrative users that you create who require OS-level access, for example, to run utilities or change the TDGSS configuration.
Although you can run OS-level utilities and processes as root, Teradata recommends that for secure operation you severely limit root access and create individual administrative user accounts in the tdtrusted group to run Teradata utilities and other OS-level functions.

For information on starting utilities that need OS-level of access, see Teradata Vantageā„¢ - Database Utilities, B035-1102.

tdatudf Has permission to run UDFs in protected mode and provides this permission to member users:
  • tdatuser (created by default)
  • Other users you create who need to run UDFs in secure mode
Although most OS-level tasks can be run by the users defined in the table above, you must use root access to:
  • Install a new version of Teradata Vantage or Advanced SQL Engine
  • Start the database when it is down

If your site security policy requires an alternative OS-level access strategy, contact your Teradata Customer Service representative for assistance.