Security Constraint UDFs | Teradata Vantage - Security Constraint UDFs - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

A security constraint UDF defines and enforces the rules that determine whether to allow or deny the execution of an INSERT, SELECT, UPDATE, or DELETE statement on a table row.

Each constraint UDF restricts an SQL operation based on a coded rule. UDF rules vary by SQL operation and whether the constraint system is a hierarchical (level) or non-hierarchical (compartment) labeling system.

Hierarchical and non-hierarchical constraints require different kinds of UDFs.

Each time a user accesses a row, the system invokes the UDF associated with the SQL operation (for example, INSERT) to determine if the user can perform the operation. If the requesting user does not have the access level required to perform the operation on the row, the UDF denies the request and request processing moves on to the next applicable row.

The system does not require that the user have EXECUTE FUNCTION privileges on the automatically invoked UDFs.

If the CONSTRAINT object does not specify a UDF for an SQL operation, the operation succeeds only if the user has the corresponding OVERRIDE privilege.

If a requesting user has the OVERRIDE privilege for an SQL operation, the request bypasses the UDF that restricts the operation.