17.10 - Security Classification Types and Required CONSTRAINT Object Settings - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

Settings for some options in a security CONSTRAINT object depend on the type of security classification it represents.

Classification Type: Hierarchical (Non-Set)

Description/Settings: All label values are hierarchically related members of the classification category defined by the CONSTRAINT object name.
Required settings:
  • Data type: smallint

    The corresponding constraint column automatically inherits the data type. The smallint data type allows a range of 1 to 10,000 values.

  • VALUES: The set of name:value pairs in the hierarchy, for example, for the security clearance category:

    Top Secret:4, Secret:3, Classified:2, Unclassified:1

    One integer value from the name:value pairs is assigned to each row in a corresponding constraint column. Users may be assigned multiple values.

    Row access is based on comparing the session value(s) to the row value(s).

Classification Type: Non-Hierarchical (Set)

Description/Settings: All label values are individual compartments in the classification category defined by the CONSTRAINT object name, and have the same relative weight.
Required settings:
  • Data type: byte(n)

    The number of values (compartments) that can be specified is 1 to 8 times the number of bytes defined by (n), up to a maximum of 256 values (32 bytes).

  • VALUES: The set of name:value pairs that represent all compartments in the category, for example, for the country category:

    USA:1, UK:2, Canada:3, Japan:4...[country:value]

    The system uses the user's constraint values as the default session value. Row access is based on comparing the session value(s) to the row value(s).

    The system automatically encodes the applicable constraint values as a binary string that represents each value as a unique bit position (rather than as a numeric value), allowing up to 256 values to appear in the column.

    When doing an INSERT or UPDATE to a table, if the user has OVERRIDE privileges, the operation must supply the hex values. See Example: Loading Tables with User OVERRIDE Privileges.
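
The byte(n) sizing rule and the bit-position encoding described above for non-hierarchical (set) constraints, as an added Python example that is not Teradata code. The helper names are hypothetical, COUNTRY is constructed from the country example above, and the bit order (value 1 as the most significant bit of the first byte) is an assumption this page does not state.

```python
# Added illustration, not Teradata code. Helper names are hypothetical.
MAX_BYTES = 32                # byte(n) upper bound given on the page
MAX_VALUES = MAX_BYTES * 8    # 256 compartments

# Constructed from the page's country example.
COUNTRY = {"USA": 1, "UK": 2, "Canada": 3, "Japan": 4}

def _validate(values):
    nums = list(values.values())
    if len(set(nums)) != len(nums):
        raise ValueError("each compartment needs its own value")
    for name, v in values.items():
        if not 1 <= v <= MAX_VALUES:
            raise ValueError(f"{name}:{v} is outside 1..{MAX_VALUES}")

def _bit(v):
    # ASSUMPTION: value 1 is the most significant bit of the first byte.
    return (v - 1) // 8, 0x80 >> ((v - 1) % 8)

def min_byte_width(values):
    """Smallest n for byte(n) that holds every compartment value."""
    _validate(values)
    return (max(values.values()) + 7) // 8

def encode_labels(values, labels, n=None):
    """Return the byte(n) string with one bit set per assigned label."""
    width = min_byte_width(values)
    if n is not None:
        width = n
    if not 1 <= width <= MAX_BYTES:
        raise ValueError(f"n must be 1..{MAX_BYTES}")
    buf = bytearray(width)
    for label in labels:
        v = values[label]     # KeyError for a label the constraint lacks
        if v > width * 8:
            raise ValueError(f"{label}:{v} does not fit in byte({width})")
        idx, mask = _bit(v)
        buf[idx] |= mask
    return bytes(buf)

def decode_labels(values, raw):
    """Names whose bit is set in a stored byte(n) value."""
    _validate(values)
    found = [name for name, v in values.items()
             if _bit(v)[0] < len(raw) and raw[_bit(v)[0]] & _bit(v)[1]]
    return sorted(found)

if __name__ == "__main__":
    print(encode_labels(COUNTRY, ["USA", "Canada"]).hex())
```

Confirm the bit order against the referenced loading example before relying on the hex output for an INSERT or UPDATE performed with OVERRIDE privileges.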