Advanced SQL Engine
||See the rest of this section (starting at Vantage Security Overview) for an overview of Advanced SQL Engine security.
Machine Learning Engine
- Access to Teradata Machine Learning Engine analytic functions is controlled by permissions on the coprocessor foreign server object and by permissions on individual function mappings.
- Users on Machine Learning Engine are automatically provisioned on first access:
- Users are automatically given their own private schema
- Data is not shared between users on Machine Learning Engine
- Data does not persist within the Machine Learning Engine
Teradata Vantage™ User Guide, B700-4002.
- HTTPS based connections to QueryGrid Manager (TLSv1.2)
- Communication policies can be defined at different security levels for data transfers between the initiating connector (the connector starting the query) and the target connector (the connector receiving the query). Security levels can be set for authentication, integrity, and encryption
- Fabric supports encryption over the wire
- Fabric communications between Advanced SQL Engine and Machine Learning Engine are authenticated
- Fabric supports LAN and WAN communication policies
- LAN Policy – Enables key based authentication, credentials are encrypted using AES-128 encryption standard
- WAN Policy – Enables key based authentication, both credentials and data are encrypted using AES-256 encryption standard
- Permissions in Viewpoint restrict the users who can modify the QueryGrid configuration
Teradata® QueryGrid™ Installation and User Guide, B035-5991.
- Connections to portlets are secured using HTTPS (TLSv1.2)
- Authentication and encryption (with certificates) enabled for Viewpoint services:
- DCS, ActiveMQ, Postgres, tdNotification
- External users are managed by connected LDAP servers:
- LDAP authentication and group authorization
- Enhanced password controls for local users
- Automatic log off after a period of inactivity
- Portlet access is controlled at different levels by setting permissions for Viewpoint users:
- Role-based permissions are applied for different categories of users
- Access logging
Teradata® Viewpoint User Guide, B035-2206.