17.10 - About the Has-Policy Option - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

In a Unity environment, application of the has-option policy causes the system to transmit message traffic between Unity and a connected database in clear text.

The has-policy option is useful if the Unity server is co-located with the connected Teradata Vantage systems. Encryption is maintained between Teradata Vantage clients and the Unity server, while being eliminated for an otherwise secure connection between the Unity server and Vantage, saving processing costs associated with the unneeded encryption-decryption cycle.

  • If you enable the has-policy option, and neither the Unity server IP address or the Unity user that connects toVantage has a QOP explicitly defined, the system requires the transmittal in clear text.
  • If the Unity user or IP address has an assigned QOP policy, the system ignores the has-policy option.
  • If you do not enable the has-option policy, and the Unity user or IP address does not have an assigned QOP, the system uses the same QOP that applies to transmissions between the client and Unity.

You can apply the has-option policy to the DN of a:

  • Vantage user name (tdatUser object) or a directory user name (directory principal)
  • Vantage profile name (tdatProfile object)
  • Network group (tdatNetworkGroup object)