17.10 - Option 2: Directory Authentication and Authorization - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
If directory users do not have matching user names in the database, or if the matching user name does not have all the requisite database privileges, you can authorize privileges in the directory by mapping directory users to database users, and to database external roles and profiles.
  • You can map directory users with very limited access needs to the system-generated pseudo-user, EXTUSER, which has database privileges similar to PUBLIC, by default. Directory users mapped to one or more Vantage roles or profiles--and not mapped to a database user--automatically gain EXTUSER privileges in addition to those privileges acquired from the roles/profiles.
  • If the directory user requires an individual database account, you can enable the DBSControl AutoProvision parameter and map the directory user to a role or profile. In this case, a database account is automatically provisioned for the user and they are logged on to the database as that user instead of EXTUSER.

For information on EXTUSER, see Characteristics of Directory Users Mapped to Permanent Database Users.

For information on auto provisioned users, see About Auto Provisioned Directory Users.