The security guidelines outlined in other sections of this security guide are not applicable to VantageCloud Lake and VantageCloud Enterprise platforms.
The following table lists pre-installed database users intended for Teradata personnel and services who are responsible for performing As-A-Service administrative tasks on VantageCloud Enterprise systems. These users are also created on VantageCore systems (on-premises) to support use cases. On systems not configured for managed cloud services, their logon SQL access right is disabled.
| System User | Administrative Role |
| --- | --- |
| TDaaS_Support | Problem and error investigation |
| TDaaS_Maint | Database software patching and configuration |
| TDaaS_Monitor | Monitoring resource usage |
| TDaaS_BAR | Backup and restore of customer databases |
| TDaaS_DB | Owning database for as-a-service objects such as stored procedures |
Password Management
The passwords for As-A-Service users residing on managed cloud systems are securely managed with Teradata controlled vaults and services. For on-premises installations, the absence of the logon access right overrides any potential use of passwords.
SQL Access Rights
As-A-Service users are limited to performing operations allowed by the access rights explicitly granted to them during installation using SQL GRANT statements. The following table summarizes the access rights granted to each user. For a detailed list of all rights held, users can query Dictionary views including DBC.AllRightsV. In addition, the audit trail provided by system view DBC.LogonOffV includes the logons and sessions from As-A-Service users.
| System User | SQL Access Rights |
| --- | --- |
| TDaaS_Support | SELECT on Dictionary tables and views; SELECT on system PDCR databases containing performance metadata; EXECUTE PROCEDURE on SystemFE and TDaaS_DB |
| TDaaS_Maint | ALL rights on Dictionary (DBC) objects except DML updates and Drop; ALL rights on system installed and owned databases (non-customer); Rights to create and drop Profiles and Maps |
| TDaaS_Monitor | SELECT on Dictionary tables containing DBQL and RSS metadata; SELECT on system PDCR databases containing performance metadata; SELECT and EXECUTE PROCEDURE on SystemFE |
| TDaaS_BAR | DUMP and RESTORE on all databases |
| TDaaS_DB | SELECT on Dictionary objects referenced in its stored procedures |
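The two views named above can be queried as follows to review what the As-A-Service users hold and when they have logged on. This is an added example, not taken from Teradata's documentation; the 30-day window is an assumption, and the columns are those of the standard DBC.AllRightsV and DBC.LogonOffV views.

```sql
-- Rights held by each As-A-Service user, summarized per database.
-- AccessRight is a two-character code in DBC.AllRightsV.
SELECT  UserName,
        DatabaseName,
        AccessRight,
        COUNT(*) AS ObjectCount
FROM    DBC.AllRightsV
WHERE   UserName IN ('TDaaS_Support', 'TDaaS_Maint', 'TDaaS_Monitor',
                     'TDaaS_BAR', 'TDaaS_DB')
GROUP BY UserName, DatabaseName, AccessRight
ORDER BY UserName, DatabaseName, AccessRight;

-- Logon and logoff events recorded for the same users.
-- Assumption: a 30-day review window; adjust to your audit retention.
SELECT  LogDate,
        LogTime,
        UserName,
        Event,
        SessionNo,
        LogonSource
FROM    DBC.LogonOffV
WHERE   UserName IN ('TDaaS_Support', 'TDaaS_Maint', 'TDaaS_Monitor',
                     'TDaaS_BAR', 'TDaaS_DB')
  AND   LogDate >= CURRENT_DATE - 30
ORDER BY LogDate DESC, LogTime DESC;
```

On a system not configured for managed cloud services, where logon for these users is disabled, rows returned by the second query warrant investigation.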
Modifying As-A-Service Users
For managed cloud systems, As-A-Service users and their passwords are owned and managed exclusively by Teradata. Customer-controlled users, including the DBC user, are prevented from modifying them. Attempts to modify their passwords or access rights result in a failure indicating that As-A-Service user accounts cannot be altered. For systems not configured for managed cloud services, including VantageCore, user DBC maintains full control over these users, including the ability to drop them if desired.