17.10 - Teradata Schema Object Attributes in the Directory Information Tree - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
The Teradata extensions to the directory schema include attributes that Teradata schema objects can or must contain:
  • Required: Attributes that must appear in the objects that can contain them.
  • Optional: Attributes that may be required if certain conditions are present.
  • Generated: Attributes automatically generated by Active Directory, ADAM, and AD LDS.
Attribute Name Description Occurrence Directory
cn The common name of the object. Required.

One occurrence per tdat object.

All directories
description A description of the object, how it is used, or other wording to help place the object within its overall context. Optional.

No limit on occurrences.

tdatUserMember FQDN of a directory user that maps to the Vantage User named in the cn attribute of the tdatUser object. Required to map directory users to tdatUser objects.

One or more occurrences per mapped object.

tdatRoleMember FQDN of a directory group that maps to the Vantage role named in the cn attribute of the tdatRole object. Required to map directory groups to tdatRole objects.

One or more occurrences per mapped object.

All Directories
tdatProfileMember FQDN of a directory profile that maps to the Vantage profile named in the cn attribute of the tdatProfile object. Required to map directory users to tdatProfile objects.

One or more occurrences per mapped object.

tdatAllowDeny This attribute is a boolean switch in an tdatIPFilter object.

When set to TRUE, the IP filter is a restrictive filter.

When set to FALSE, the filter is a permissive filter.

Required to define the type of IP filter.

One occurrence per object.

tdatAllowedIP Each attributes contains an IP address and a mask, which define filter criteria.
In a restrictive filter:
  • Use the tdatAllowIP attribute to specify the range of IP addresses allowed to log on to the database.
  • Use the tdatDenyIP to define exceptions to the IP range allowed by the tdatAllowIP.
In a permissive filter:
  • Use the tdatDenyIP attribute to specify the range of IP addresses denied permission to log on to the database.
  • Use the tdatAllowIP to define exceptions to the IP range denied by the tdatDenyIP.
Required.

A tdatIPFilter must contain at least the primary attribute for the filter type.

For information creating IP filters, see About IP Filters.

tdatDeniedIP
tdatIPFilterMember FQDN of a directory profile that maps to the Vantage profile named in the cn attribute of the tdatProfile object. Required to map directory users to tdatIPFilter objects.

One or more occurrence per mapped object.

tdatIPFilterMemberOf The FQDN of an IP filter named in an ipFilters object. Generated.

For further information on generated objects and attributes, see Special Objects and Attributes Required for Active Directory, ADAM, and AD LDS.

Active Directory, ADAM, or AD LDS only
tdatUserMemberOf FQDN of a Vantage user in an Active Directory, ADAM, or AD LDS user object.
tdatRoleMemberOf FQDN of a Vantage role in an Active Directory, ADAM, or AD LDS group object.
tdatProfileMemberOf FQDN of a Vantage profile in an Active Directory, ADAM, or AD LDS user object.