Identity Token Authorization - Identity Token Authorization - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems - 20.00

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Call-Level Interface Version 2
Release Number
20.00
Published
January 2024
ft:locale
en-US
ft:lastEdition
2024-11-15
dita:mapPath
bmn1691484839905.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
fvz1470444150352
lifecycle
latest
Product Category
Teradata Tools and Utilities

Identity Token Support allows for the following permission models with regard to token generation:

  • Any to Any
    • Authorized job submitter userid can generate JWT for any authorized JWT userid.
  • One to one
    • Authorized job submitter userid can only generate JWT for same userid.
  • One to Many
    • Authorized job submitter userid can only generate JWT for same userid and optionally can generate JWT for explicitly configured other authorized userids.

To further describe these models, consider an environment with two users both of whom have necessary authorizations to submit jobs, logon to Teradata Vantage, and invoke token generation. The following describes example authorizations for these users with the different permission models:

  • Any to Any
    • User1 can submit a job and get a JWT for User1 or User2
    • User2 can submit a job and get a JWT for User2 or User1.
  • One to one
    • User1 can submit a job and only get a JWT for User1
    • User2 can submit a job and only get a JWT for User2
  • One to Many (where we explicitly configured ability for User1 to additionally get JWT for User2)
    • User1 can submit a job and get a JWT for User1 or User2
    • User2 can submit a job and only get a JWT for User2