17.10 - tdspolicy for a TD2 User - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Users who log on with the TD2 mechanism are not subject to local policy because they are not authenticated or authorized in the directory. When you specify a Vantage username for -u, TDGSS looks in the TdgssUserConfigFile.xml to see if a global policy applies to the user.

Profile-based policies do not apply to users authenticated by TD2.
$ tdspolicy -u td2user –i 141.206.3.173
Querying policy using the following parameters:

       Teradata user: td2user
          IP address: 141.206.3.173

          Mechanisms: td2
Confidentiality QoPs: default

where the Vantage user specified by -u:

  • Can use only the TD2 mechanism to log on.
  • Confidentiality is required, but because a TD2 user is not authenticated or authorized in the directory, QOP strength defaults to the DEFAULT QOP.