Security Logon Operation - Teradata Director Program

Teradata® Director Program Reference

Product
Teradata Director Program
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02
dita:mapPath
bvb1608578422774.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
B035-2416
Product Category
Teradata Tools and Utilities
The security logon operation is a four-stage process that involves:
  • TDP
  • The z/OS System Authorization Facility (SAF)
  • Your external security manager
  • Database
  1. At logon time, if the security logon function is enabled, TDP compares the database system user id supplied by the logon application with the authid associated with the requesting mainframe address space:
    IF there is . . . THEN . . .
    a match, either explicit or implicit (no database system userid supplied) TDP allows the logon to proceed with no further security processing.
    not a match TDP sends logon validation and authorization requests to the SAF interface to determine:
    • First, whether the user/authid is valid (validation)
    • And, if it is valid, whether the user/authid is allowed access to the particular TDP (authorization)
  2. The SAF interface routes the logon validation and authorization requests to the external security manager.
  3. The external security manager checks its own database or repository to identify the user and verify access authorization.
  4. The external security manager response to the SAF validation and authorization requests indicates:
    • Whether the validation request succeeded or failed
    • Whether the authorization request was approved or disapproved
    • Any reason codes associated with a failed or disapproved request