User Types | Teradata Vantage - 17.10 - About Database User Types - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
A Teradata Vantage user:
  • Can log on to Teradata Vantage, establish logon sessions, and perform actions.
  • Is defined as an object, much like a database, and if the user object is defined to have perm space, it can contain other database objects. A user owns the objects contained within its perm space.

The method used to define a user depends on how the user is managed.

Vantage User Type Description
Permanent user Define permanent users in Vantage using a CREATE USER statement and manage them from within Vantage.

See Creating Permanent Database Users.

Directory-based user Create users in the directory and map them to Vantage objects.

See Working with Directory Users.

Auto provisioned user If auto provisioning is configured for your system, unmapped users can automatically obtain a Teradata Vantage user identity when they first log on to the system. To auto provision a Vantage account the user must have an identity in the directory and be mapped to a Vantage object, such as an external role or profile, but not yet be mapped to a Vantage user.

During auto provisioning a user object is automatically generated and granted LOGON ... WITH NULL PASSWORD privileges. Auto provisioned users must always authenticate externally.

Unlike the pseudo-user, EXTUSER, auto provisioned users have permanent, individual identities in Vantage. This allows them to create and own database objects, and use global temporary tables and volatile tables.

Because auto provisioned users have a Vantage identity, they can be individually subjected to access logging and workload management rules, and can use administrative tools, such as Teradata Viewpoint. See About Auto Provisioned Directory Users.

Application logon user An application logon user is a permanent username under which a middle-tier application server logs on to Vantage.

Define application logon users similarly to other permanent users, using the CREATE USER statement. See Working with Middle-Tier Application Users.

Application end user Assume the identity and database privileges of the logon user for the application through which they log on.
Trusted user A trusted user is a middle-tier application that is specially configured to allow end users (proxy users) to log on as individuals.

Define trusted users by entering the permanent username under which the trusted user application logs on to Vantage in a GRANT CONNECT THROUGH statement. See Working with Middle-Tier Application Users.

Proxy user A proxy user is an end user that logs on to Vantage through a trusted user application. The system identifies and authorizes the user as an individual.

Proxy users can be either permanent users or other end users unknown to Vantage.

Define proxy users inVantage using a GRANT CONNECT THROUGH statement, which also identifies the trusted user application through which the user can log on.

For information on creating proxy users, see Working with Middle-Tier Application Users.