About Access Logging Information in System Views - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

Teradata Vantage stores various types of security information in data dictionary tables residing in the DBC system database. System views based on these tables contain access logs and other security-related data.

View Name Description
Access Logging Views
DBC.AccessLogV Indicates the results of a privilege check performed against a Teradata SQL request. The system logs privilege checks based on the criteria defined in the current logon rules.
DBC.AccLogRulesV Lists the current logging rules, which the system derives from BEGIN LOGGING statements, and uses to determine which privilege checks should create entries in the DBC.AccLogTbl table.
DBC.DeleteAccessLogV Lists the entries from the access log by date and time, to help you identify aged data that you should remove. You can only remove entries more than 30 days old.

To remove all entries over 30 days old, you can enter:

  DELETE FROM        DBC.DELETEACCESSLOGV ALL ;
DBC.LogOnOffVX Lists logon and logoff activity, the associated user, session number, and attempted logon events. Event data indicates the reasons for unsuccessful logon attempts.

For unsuccessful logons, the table stores the string “Non-existent User,” instead of the username used in the logon, unless the DBS Control ShowAllUserNames flag is set to TRUE.

DBC.LogonRulesV Lists the users named in previous GRANT LOGON or REVOKE LOGON statements, and indicates which users have WITH NULL PASSWORD privileges, which allows them to be externally authenticated.

The system uses these entries to determine whether to allow access.

DBC.SecurityLogVX Lists a subset of the data on privilege checking from DBC.AccLogTbl, limited to username, table, database, logon time, and account.
User and Privilege Views
DBC.AllRightsVX Lists all automatically or explicitly granted privileges for a user or database, and the objects to which the privileges apply.
DBC.AllRoleRightsV Lists all privileges granted to each role.
DBC.RoleInfoVX Lists the name of the creator for each role.
DBC.RoleMembersVX Lists each role, all of its members, and whether it is the default role for each of the members.
DBC.UsersV Lists information about all users defined in the database. The information is derived from system table DBC.DBase.
DBC.UserGrantedRightsV Lists the explicit privileges that a user grants to other users.
DBC.UserRightsV Lists all database privileges explicitly granted to each user. It does not list the implicit privileges for the users.
DBC.UserRoleRightsV Lists all roles, including any nested roles, available to each user, along with the privileges granted to each role.

Does not list directory users or their mapped external roles.

Password Control Views
DBC.ProfileInfoVX Lists all profiles and associated parameter settings.

Use this view to check the password control settings for a profile.

DBC.RestrictedWordsV Lists words that are not allowed in a password string when the RestrictedWords control is enabled.
DBC.SecurityDefaultsV Lists the current global password controls and associated values.