CREATE/REPLACE AUTHORIZATION | Teradata Connector | QueryGrid - Syntax Elements (CREATE/REPLACE AUTHORIZATION) - Teradata QueryGrid

QueryGrid™ Installation and User Guide - 3.06

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Teradata QueryGrid
Release Number
3.06
Published
December 2024
ft:locale
en-US
ft:lastEdition
2024-12-07
dita:mapPath
ndp1726122159943.ditamap
dita:ditavalPath
ft:empty
dita:id
lxg1591800469257
lifecycle
latest
Product Category
Analytical Ecosystem
database_name.
user_dbname.
Optional name of the location where the authorization is to be stored.
The default location that is used changes based on whether DEFINER or INVOKER is specified. The following rules apply to specifying DEFINER or INVOKER:
  • If specifying DEFINER, the database or user specified must be the containing database or user for the foreign server, UDF, table UDF, method, or external SQL procedure. If no location is specified, the authorization is created in the database containing the foreign server objects (TD_SERVER_DB).
  • If specifying INVOKER, the database_name or user_dbname specified must be associated with the session user sending requests to the foreign server. If no location is specified, the authorization is placed in the user database of the authorization creator.
authorization_name
Name for the authorization object. This must be a unique name within the database where the name is stored.
INVOKER
DEFINER
  • If specifying INVOKER TRUSTED, or TRUSTED alone, Teradata creates the authorization object in the database of the user who creates the object. This syntax makes the authorization available only to those with privilege to the user database.
  • If specifying DEFINER TRUSTED or DEFINER DEFAULT TRUSTED, Teradata creates the authorization object in the database that contains the object using the authorization; for a foreign server this is the TD_SERVER_DB database. This syntax makes the authorization globally available.
TRUSTED
A keyword used to specify that the credentials are encrypted and stored as database objects.
When using an authorization object, you must use the TRUSTED security type for the QueryGrid Teradata connector.
You cannot use TRUSTED authorizations in CREATE or REPLACE UDF or XSP statements.
'fs_user_name'
'fs_user_name@realm_name'
The name of the credential on the remote platform used by the foreign server.

The user name for the authorization object can consist of a user name alone or a user name and the name of the Kerberos realm. When only the user name is specified, the default realm specified in the krb5.conf file is used for kinit.

If including the Kerberos realm name, the default realm is ignored and the realm specified in the authorization object is used for kinit. Include a Kerberos realm name if you have one of the following situations:
  • You want users to be able to connect to multiple Kerberized clusters, each from a different realm, from the same Teradata system.
  • You want users to be able to connect to a Kerberized cluster where the authentication realm is different from the service realm.
If used with the name of the Kerberos realm, the user_name portion cannot also contain an @ sign.
'fs_password'
The password for the credential on the remote platform used by the foreign server.
All existing rules for CREATE AUTHORIZATION and REPLACE AUTHORIZATION apply.
For more information about using CREATE AUTHORIZATION and REPLACE AUTHORIZATION, see Teradata® Database SQL Data Definition Language - Syntax and Examples, B035-1144.