Security Constraint UDFs | Teradata Vantage - 17.10 - About Security Constraint UDFs - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

A security constraint UDF defines and enforces the rules that determine whether to allow or deny the execution of an INSERT, SELECT, UPDATE, or DELETE statement on a table row.

Each constraint UDF restricts an SQL operation based on a coded rule. UDF rules vary by SQL operation and whether the constraint system is a hierarchical (level) or non-hierarchical (compartment) labeling system.

Hierarchical and non-hierarchical constraints require different kinds of UDFs.

Each time a user accesses a row, the system invokes the UDF associated with the SQL operation (for example, INSERT) to determine if the user can perform the operation. If the requesting user does not have the access level required to perform the operation on the row, the UDF denies the request and request processing moves on to the next applicable row.

The system does not require that the user have EXECUTE FUNCTION privileges on the automatically invoked UDFs.

If the CONSTRAINT object does not specify a UDF for an SQL operation, the operation succeeds only if the user has the corresponding OVERRIDE privilege.

If a requesting user has the OVERRIDE privilege for an SQL operation, the request bypasses the UDF that restricts the operation.