17.10 - Using the SET QUERY BAND Statement to Enable Session Proxy Roles - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

You must set up the trusted user application to issue a SET QUERY_BAND statement similar to the following when proxy users log on to Teradata Vantage:

SET QUERY_BAND = 'PROXYUSER=appluser;PROXYROLE=<role>;’ FOR SESSION;
SEL cola, colb FROM database1.table1;
SEL cola, colb FROM database2.table2;
...
SET QUERY_BAND = NONE FOR SESSION;

The system examines both the SET QUERY_BAND statement and the role specification in the originating GRANT CONNECT THROUGH statement to determine the operant role.

SET QUERY_BAND statement GRANT CONNECT THROUGH Statement Role Used by the Trusted Session
PROXYROLE is omitted WITHOUT ROLE The default role for the matching permanent database user.
WITH ROLE <role(s)> All roles specified for the proxy user in the GRANT CONNECT THROUGH statement for the user.
PROXYROLE = ALL WITHOUT ROLE All roles granted to the matching permanent database user.
WITH ROLE <role(s)> All roles specified for the proxy user in the GRANT CONNECT THROUGH statement for the user.
PROXYROLE = rolename WITHOUT ROLE The named role, if the matching permanent database user is a member of the named role.
WITH ROLE <role(s)> The named role, if the role is specified in the GRANT CONNECT THROUGH statement for the proxy user.
PROXYROLE = NONE

or

PROXYROLE = NULL

WITHOUT ROLE The current role is set to NULL.

The proxy user inherits the default role for the matching permanent database user.

WITH ROLE <role(s)> The system returns an error. The SET QUERY_BAND statement must specify a role from the GRANT CONNECT THROUGH statement.

For further information on the use of the SET QUERY_BAND statement for proxy user sessions, see Teradata Vantage™ - SQL Data Definition Language Syntax and Examples, B035-1144 and Teradata Vantage™ - SQL Data Definition Language Detailed Topics, B035-1184.