LogonSource
Teradata recommends using alternative columns instead of the LogonSource column, if available. For information about the recommended columns for LogonSource, see "LogonSource Column Fields and Examples."
ClientConfCipherSuite and UnityConfCipherSuite
ASCII String representing the confidentiality cipher suite. Currently, this is the TLS cipher suite, for example: "TLS_AES_256_GCM_SHA384".
ClientConfVersion and UnityConfVersion
ASCII String representing the confidentiality version number. Currently, this is the TLS version number, for example: "TLS 1.2".
Unity_AuthUser
Provides audit trail information for the security policy.
UserName
The UserName column returns “Non-existent User” when a user tries to log on with a bad username.
Possible Values for ClientConfType
Value | Description |
---|---|
C | TLS used for encryption. Client validated the Certificate-Authority chain but ignored the Subject-Alternative-Name and the Common-Name. |
E | TDGSS used for encryption. The application does not have the option to change this during the session. |
F | TLS was attempted but failed, so this is a fallback to using TDGSS for encryption because ENCRYPTDATA is specified. |
H | TLS was attempted but failed, so this is a fallback to unencrypted because ENCRYPTDATA is not specified. |
O | May be encrypted using TDGSS or unencrypted. The application has the option of changing this at any time. This is possible only with CLIv2 apps, because drivers (e.g. ODBC, JDBC) do not toggle encryption on and off within a session. |
R | TLS used for encryption. Server certificate was ignored; client did not validate the identity of the server. |
U | Unencrypted. The application does not have the option to change this during the session. |
V | TLS used for encryption. Client validated the Certificate-Authority chain and the Subject-Alternative-Name or the Common-Name. |
Possible Values for ClientConnectionType
Value | Description |
---|---|
1 | Client is connected using TCP/IP via the gateway. |
2 | Client is connected from a mainframe via a mainframe-attached host. |
Possible Values for DirUserNetConfidentiality, UnityNetConfidentiality, EffectiveSessionNetConf
When these columns are set to I or C it indicates the level of protection required.
Value | Description |
---|---|
I | Indicates the level of protection required for Integrity, which is obtained by lookup in the LDAP directory used for security policy. The levels are: Default (D), Low (L), Medium (M), and High (H). |
C | Indicates the level of protection required for Confidentiality, which is obtained by lookup in the LDAP directory used for security policy. The levels are: Default (D), Low (L), Medium (M), and High (H). |
Possible Values for Event
- Logon
- Logoff
- Logon failed
This value means a logon failed for reasons other than “Bad User,” “Bad Account,” “Bad Password,” “Bad profile,” “IP restrict,” “Auth failed,” “Bad auth,” or “Secur policy.” Currently, those other reasons are a failure to conform to Logon Rules or an attempt to log on without a password, where the TDP logon exit does not approve the logon.
- Bad user
- Bad account
This value means the user provided an account string during logon time, but that string does not match any of the account names specified for the user in the SQL CREATE USER or MODIFY USER statement.
- Bad password
- Bad profile
The external profile associated with the logon request does not exist. External profiles are stored in the directory server.
- Forced off
This value indicates that the user session was terminated from the system console or the PM/API.
- IP restrict
This value indicates the user is not permitted to log on from the IP address used.
- Auth failed
This value indicates an authentication error.
- Bad auth
This value may indicate other authentication errors: bad authentication field, deprecated logons, decryption failure, and so forth.
- Secur policy
This value indicates that a logon attempt failed because of a security policy violation.
Possible Values for LogonRedrive
Value | Description |
---|---|
' ' | Not participating |
MEMORY NON-FALLBACK RESPONSES | Memory-based Redrive participation |
NULL or blanks | Session is not participating in Redrive and database restarts will not be transparent to applications and users. |
Possible Values for ProxyLogon
Value | Description |
---|---|
T | The ProxyLogon column indicates if Unity has logged a user onto a TD2 session using existing credentials, when that user was successfully logged on by another Unity-managed Vantage system using TD2. When this occurs, ProxyLogon is set to T. |
F | False indicates the TD2 session logged on or attempted to log on with a valid password. |
Possible Values for RecoverableNetworkProtocol
Value | Description |
---|---|
T | True |
F | False |
Possible Values for SecurityPolicy and UnitySecurityPolicy
- No Policy
- Plaintext
- Integrity, Default
- Integrity, Low
- Integrity, Medium
- Integrity, High
- Confidentiality, Default
- Confidentiality, Low
- Confidentiality, Medium
- Confidentiality, High
SecurityPolicy and UnitySecurityPolicy are used to provide audit trail information for the security policy.
Possible Values for ServerConfType
Value | Description |
---|---|
E | TDGSS used for encryption, either enforced by policy or asserted by a Client. |
O | May be encrypted using TDGSS or unencrypted, as asserted by a Client, or because it cannot be determined. |
T | TLS used for encryption. |
U | Unencrypted, as asserted by a Client Interface. |
Possible Values for ServerUnityConfType
Value | Description |
---|---|
E | TDGSS used for encryption, either enforced by policy or asserted by Unity. |
O | May be encrypted using TDGSS or unencrypted. Cannot be determined by the gateway. |
T | TLS used for encryption. |
U | Unencrypted, as asserted by Unity. |
Possible Values for UnityConfType
Value | Description |
---|---|
E | TDGSS used for encryption. |
F | TLS was attempted but the handshake failed, so this is an attempt to fallback to using TDGSS for encryption. This is otherwise equivalent to "E". |
T | TLS used for encryption. |
U | Unencrypted. |