17.10 - Usage Notes - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Data Dictionary

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Programming Reference
Publication ID
B035-1092-171K
Language
English (United States)

LogonSource

Teradata recommends using alternative columns instead of the LogonSource column, if available. For information about the recommended columns for LogonSource, see "LogonSource Column Fields and Examples."

ClientConfCipherSuite and UnityConfCipherSuite

ASCII String representing the confidentiality cipher suite. Currently, this is the TLS cipher suite, for example: "TLS_AES_256_GCM_SHA384".

ClientConfVersion and UnityConfVersion

ASCII String representing the confidentiality version number. Currently, this is the TLS version number, for example: "TLS 1.2".

Unity_AuthUser

Provides audit trail information for the security policy.

UserName

The UserName column returns “Non-existent User” when a user tries to log on with a bad username.

Possible Values for ClientConfType

Value Description
C TLS used for encryption. Client validated the Certificate-Authority chain but ignored the Subject-Alternative-Name and the Common-Name.
E TDGSS used for encryption. The application does not have the option to change this during the session.
F TLS was attempted but failed, so this is a fallback to using TDGSS for encryption because ENCRYPTDATA is specified.
H TLS was attempted but failed, so this is a fallback to unencrypted because ENCRYPTDATA is not specified.
O May be encrypted using TDGSS or unencrypted. The application has the option of changing this at any time. This is possible only with CLIv2 apps, because drivers (e.g. ODBC, JDBC) do not toggle encryption on and off within a session.
R TLS used for encryption. Server certificate was ignored; client did not validate the identity of the server.
U Unencrypted. The application does not have the option to change this during the session.
V TLS used for encryption. Client validated the Certificate-Authority chain and the Subject-Alternative-Name or the Common-Name.

Possible Values for ClientConnectionType

Value Description
1 Client is connected using TCP/IP via the gateway.
2 Client is connected from a mainframe via a mainframe-attached host.

Possible Values for DirUserNetConfidentiality, UnityNetConfidentiality, EffectiveSessionNetConf

When these columns are set to I or C it indicates the level of protection required.

Value Description
I Indicates the level of protection required for Integrity, which is obtained by lookup in the LDAP directory used for security policy. The levels are: Default (D), Low (L), Medium (M), and High (H).
C Indicates the level of protection required for Confidentiality, which is obtained by lookup in the LDAP directory used for security policy. The levels are: Default (D), Low (L), Medium (M), and High (H).

Possible Values for Event

The names of the following values are truncated if they are more than 12 characters in length. If they are less than 12 characters in length, blank spaces are added.
  • Logon
  • Logoff
  • Logon failed

    This value means a logon failed for reasons other than “Bad User,” “Bad Account,” “Bad Password,” “Bad profile,” “IP restrict,” “Auth failed,” “Bad auth,” or “Secur policy.” Currently, those other reasons are a failure to conform to Logon Rules or an attempt to log on without a password, where the TDP logon exit does not approve the logon.

  • Bad user
  • Bad account

    This value means the user provided an account string during logon time, but that string does not match any of the account names specified for the user in the SQL CREATE USER or MODIFY USER statement.

  • Bad password
  • Bad profile

    The external profile associated with the logon request does not exist. External profiles are stored in the directory server.

  • Forced off

    This value indicates that the user session was terminated from the system console or the PM/API.

  • IP restrict

    This value indicates the user is not permitted to log on from the IP address used.

  • Auth failed

    This value indicates an authentication error.

  • Bad auth

    This value may indicate other authentication errors: bad authentication field, deprecated logons, decryption failure, and so forth.

  • Secur policy

    This value indicates that a logon attempt failed because of a security policy violation.

Possible Values for LogonRedrive

Value Description
' ' Not participating
MEMORY NON-FALLBACK RESPONSES Memory-based Redrive participation
NULL or blanks Session is not participating in Redrive and database restarts will not be transparent to applications and users.

Possible Values for ProxyLogon

Value Description
T The ProxyLogon column indicates if Unity has logged a user onto a TD2 session using existing credentials, when that user was successfully logged on by another Unity-managed Vantage system using TD2. When this occurs, ProxyLogon is set to T.
F False indicates the TD2 session logged on or attempted to log on with a valid password.

Possible Values for RecoverableNetworkProtocol

Value Description
T True
F False

Possible Values for SecurityPolicy and UnitySecurityPolicy

  • No Policy
  • Plaintext
  • Integrity, Default
  • Integrity, Low
  • Integrity, Medium
  • Integrity, High
  • Confidentiality, Default
  • Confidentiality, Low
  • Confidentiality, Medium
  • Confidentiality, High

SecurityPolicy and UnitySecurityPolicy are used to provide audit trail information for the security policy.

Possible Values for ServerConfType

Value Description
E TDGSS used for encryption, either enforced by policy or asserted by a Client.
O May be encrypted using TDGSS or unencrypted, as asserted by a Client, or because it cannot be determined.
T TLS used for encryption.
U Unencrypted, as asserted by a Client Interface.

Possible Values for ServerUnityConfType

Value Description
E TDGSS used for encryption, either enforced by policy or asserted by Unity.
O May be encrypted using TDGSS or unencrypted. Cannot be determined by the gateway.
T TLS used for encryption.
U Unencrypted, as asserted by Unity.

Possible Values for UnityConfType

Value Description
E TDGSS used for encryption.
F TLS was attempted but the handshake failed, so this is an attempt to fallback to using TDGSS for encryption. This is otherwise equivalent to "E".
T TLS used for encryption.
U Unencrypted.