Pooled Session Requirements - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢
When users access the database through an application that uses pooled sessions, then:
  • if the application is not a trusted user, the row level security constraints for all end users derive from the application logon user. Teradata recommends to not allow users to access tables protected by row level security through non-trusted user applications, because the system cannot apply row level security to the individual end users or track their actions in access logs.
  • if the application is a trusted user:
    • If the proxy user is linked to a permanent database user by using the TO PERMANENT clause in the GRANT CONNECT THROUGH statement, the row level security constraints derive from the permanent user, including the user profile.
    • If the proxy user is not linked to a permanent database user, but has a profile assigned through the GRANT CONNECT THROUGH statement, the row level security constraints derive from the assigned profile.
    • If the proxy user is not linked to a permanent database user, and does not have a profile assigned, the system cannot set a row level security constraint for the session, so attempts to access row level security tables fail.
To provide safe access to row level security tables, set up applications for trusted sessions.