Assessing User Needs

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

To prepare for creating and provisioning database users:

  1. Make a list of all users that require access to the database, and identify each one according to functional category. Minimize the number of user types to simplify user management.
  2. Define user resource requirements for use in creating profiles:
    • Examine user space requirements:
      • Users who create or own databases, tables, and other space-consuming objects require permanent storage space (perm space).
      • Users who submit SQL queries, macros, stored procedures or other executable requests require spool space to contain the temporary database structures used to execute the requests.
    • Define user accounting requirements for resource accounting and prioritizing each user request. Then create the accounts, as shown in Teradata Vantage™ - Database Administration, B035-1093, and assign the accounts to users, either directly or through use of profiles. Each account can specify:
      • A priority level (low, medium, high, and rush)
      • An account identifier that specifies such things as department, group, and function
      • A date and time stamp
    • Define the user default database (the database where the user most often works) to avoid specifying the database as part of each request.
    • Define password control parameters. Consider your site security policy and decide whether or not all users can share the global default password parameters referenced in Setting Up the Administrative Infrastructure, or if you need to set these parameters separately for groups of users.
    • Determine whether users are subject to row level security constraints that should be assigned in profiles. See Working with Constraint Assignments.
      Users that log on through applications that pool sessions do not have access to personal profiles, and instead defer to the profile for the application user or trusted user.
  3. Review the database objects (such as views, tables, macros, functions, and procedures) that users or user groups must access to do their job. Identify groups of users with common database privilege requirements and create roles to define the privileges for each group, rather than granting privileges to individual users.
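
The following sketch is an added example, not taken from the Teradata documentation, showing how the outcome of the three steps above might map onto a profile, a role, and user definitions. All object names (analyst_p, analyst_r, sales_views, sales_data, hr_users, etl_users, jdoe, etl_load), the account string, the space values, and the password settings are assumptions chosen for illustration.

```sql
-- Step 2: one profile per functional category carries the resource settings.
-- The account string is constructed: $M = medium priority, ANALYST = the
-- account identifier, &D and &H = date and hour stamps.
CREATE PROFILE analyst_p AS
  ACCOUNT = '$M_ANALYST&D&H',
  DEFAULT DATABASE = sales_views,      -- where these users most often work
  SPOOL = 5e9,                         -- query-only users need spool, not perm
  PASSWORD = (EXPIRE = 90,             -- days before a password must change
              MINCHAR = 12,            -- minimum password length
              MAXLOGONATTEMPTS = 5,    -- failed logons before lockout
              LOCKEDUSEREXPIRE = 60,   -- minutes a locked user stays locked
              REUSE = 365);            -- days before a password can be reused

-- Step 3: one role per group of users with common privilege requirements.
CREATE ROLE analyst_r;
GRANT SELECT  ON sales_views TO analyst_r;   -- views the group reads
GRANT EXECUTE ON sales_views TO analyst_r;   -- macros the group runs

-- Step 1: a user in the "analyst" category. PERM = 0 because this user
-- owns no space-consuming objects. The password is a placeholder.
CREATE USER jdoe FROM hr_users AS
  PERM = 0,
  PASSWORD = REPLACE_WITH_TEMP_PASSWORD,
  PROFILE = analyst_p;

-- Privileges come from the role, not from grants to the individual user.
GRANT analyst_r TO jdoe;
MODIFY USER jdoe AS DEFAULT ROLE = analyst_r;

-- A user in a different category: a load account that owns tables and
-- therefore needs permanent space in addition to spool.
CREATE USER etl_load FROM etl_users AS
  PERM = 50e9,
  SPOOL = 20e9,
  PASSWORD = REPLACE_WITH_TEMP_PASSWORD,
  DEFAULT DATABASE = sales_data;
```

Row level security constraint assignments, where they apply, are also made in the profile; they are left out here because they depend on constraint objects specific to the site.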