16.20 - Security Considerations - Teradata Tools and Utilities

Teradata® Call-Level Interface Version 2 Reference for Mainframe-Attached Systems

Teradata Tools and Utilities
September 2019
Programming Reference

Because CLIv2 callable routines are simply subroutines of an application, they operate in the same execution environment as the application.

  • No special operating system authorization is required (for example, Authorized Program Facility [APF] for z/OS). CLIv2 functions no differently if an application is authorized.
  • No datasets or files are accessed, so system access rights for the current system userid are not implicitly extended by CLIv2 to other objects. CLIv2 accesses only its own load modules from the normal system module search order.
  • No devices or communication facilities, such as TCP/IP, are accessed. CLIv2 communicates only with TDP. The CLIv2 internal trace is not recorded by the operating system unless permitted by CLIv2 customization in HSHSPB.
  • Neither application SQL data nor Teradata Database logon passwords are retained beyond their need, nor are they passed anyplace, except to TDP. Such data is not included in any internal trace. The exception is storage capture initiated outside CLIv2, such as a z/OS ABEND dump.
  • Only minimal standard operating system services or their equivalent in specialized environments, such as CICS, are used.