The secure zones feature allows you to create one or more exclusive database hierarchies, called zones, within a single Teradata database system. Access to the data in each zone and zone administration is handled separately from the Teradata database system and from other zones.
Secure zones are useful in situations where the access to data must be tightly controlled and restricted. You can also use secure zones to support some regulatory compliance requirements for the separation of data access from database administration duties.
For example, consider the following use of secure zones. Suppose you have a multinational company or conglomerate enterprise with many subsidiaries. You can create a separate zone for each of the subsidiaries. If your company has divisions in different countries, you can create separate zones for each country to restrict data access to the personnel that are citizens of that country. Your corporate personnel can manage and access data across multiple zones while the subsidiary personnel in each zone have no access to data or objects in the other zones. A system-level zone administrator can manage the subsidiary zones and object administration can be done by either corporate DBAs or zone DBAs, as required.
With secure zones, you can ensure the following:
Another typical scenario is the case of cloud companies that host multiple data customers as tenants. Companies that offer cloud-based database services can host multiple tenants within a single Teradata Database system, using zones to isolate the tenants from each other as if they were running on physically segregated systems. Zone DBAs can administer database objects in their own zone as required. The tenant zones can be managed by a system-level zone administrator, where Teradata acts as the system administrator.
With secure zones, you can ensure the following: