17.10 - Example: Hierarchical Rules - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
Operation Example Rule
INSERT The current session must have a security label for the security constraint. The session label is entered as the constraint column value for the new row.

Purpose: Allows any user with table level insert privileges to insert a new row. Assumes that the user security level is appropriate for the new data.

SELECT The session security label must equal or exceed the row label or the operation fails.

Purpose: Only users classified equal to or higher than a row can read row data.

UPDATE The session security label must equal or exceed the row label or the operation fails. If the operation is allowed, the updated row uses the session security label for the constraint column value.

Purpose: Restricts access to equivalent/higher level users. The row is automatically reclassified to the user level in case the user adds data with a higher classification.

DELETE The row cannot be deleted unless the constraint column value is at the lowest security level.

Purpose: Ensures that a row is reviewed and declassified before it can be deleted.