Assigning Profiles to Users | Teradata Vantage - 17.10 - About Assigning Profiles to Users - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The user categories shown in the table below require differing strategies for assigning profiles.

For a description of each database user type, see the table in About Database User Types.
Database User Type Profile Assignment Method
Permanent database users Specify the profile name in the CREATE USER or MODIFY USER statement for the user.
Directory users Assign profiles to directory users in one of the following ways:
  • Map the directory user to one or more profile objects. For directory users mapped to more than one profile, the user must set the profile using profile=profile_name in the .logdata portion of the logon string.

    For information on mapping directory users to database profiles, see Mapping Directory Users to Vantage Profiles.

  • Map the directory user object to a Vantage user to provide the following profile assignment options:
    • The directory user inherits the profile assigned to the database user.
    • If the database user does not have an assigned profile, the directory user inherits the default parameter values for the database user. See Default Values for the CREATE PROFILE Statement.
    • For directory users mapped to a Vantage profile and a database user, the mapped profile takes precedent by default.

    For information mapping directory users to database users, see Mapping Directory Users to Database Users.

Application logon users or trusted users Specify the profile name in the CREATE or MODIFY USER statement for the user name under which the application logs on to the database. The application user profile applies to all users that log on through the application.
Proxy users Proxy users who are also permanent database users, and for whom queries are sent to the database through a trusted user application, are subject to any row level security constraints that appear in the profile assigned to the corresponding permanent user.

All other profile-based privileges are taken from the profile assigned to the trusted user application.

For information on options for end users logging on through middle-tier applications, see Working with Middle-Tier Application Users.

For information on row level security constraints, see Implementing Row Level Security.

For information about the types of users that exist when you use secure zones, see Implementing Teradata Secure Zones.