External Security Manager Interface - Teradata Director Program

Teradata® Director Program Reference - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Teradata Director Program
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-17
dita:mapPath
cki1641301536147.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
frc1470439950465
Product Category
Teradata Tools and Utilities

TDP provides an external security manager interface to the System Authorization Facility (SAF) on z/OS client systems. External security managers such as RACF and ACF2 can use SAF for logon validation and authorization, thus controlling access to the database without direct interaction with the RDBMS itself.

Using TDP and an external security manager, system security administrators can maintain a separate external database or repository of resource profiles and access rules for the database, as well as for TSO, CICS, DB2, and so on. This approach, called security logon, significantly enhances the convenience and flexibility of system security administration.

Since SAF assumes all character data is in EBCDIC but a database system userid can be in non-EBCDIC character sets, unexpected rejections or security exposures are possible. A userid known to the external security manager in EBCDIC would not be recognized if specified in ASCII. A userid specified in ASCII might consist of the same bytes as an EBCDIC userid known to the external security manager and erroneously match. Such problems could be circumvented by using different classes for userids encoded in different character sets. On a request by request basis, the TDPLGUX exit can override the default class from the ENABLE SECLOGON command based on the character set.