Permanent Proxy Users - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-07-11

A permanent proxy user is an existing permanent user who is defined to Vantage. A GRANT CONNECT THROUGH request validates that a permanent proxy user who is specified in that request exists in Vantage. The anticipated use of permanent proxy users is for intranet-type middle tier applications that, for example, might display employee pay stubs or information about available vacation time.

Vantage assigns the name of the permanent proxy user as the creator of any objects created while the proxy connection is in effect.

You cannot have duplicate application and permanent proxy user names for the same trusted user. For example, consider the following GRANT CONNECT THROUGH requests submitted in the order indicated:

GRANT CONNECT THROUGH crm TO PERMANENT mary WITHOUT ROLE;
GRANT CONNECT THROUGH crm TO mary WITH ROLE hr_role;

The second request returns a duplicate proxy user name error because the permanent proxy user named mary already exists as granted through trusted user crm.

The roles that can be set for a permanent proxy user in a proxy connection depend on whether the GRANT CONNECT THROUGH request specifies a WITH ROLE clause or a WITHOUT ROLE clause, as listed in the following table.

IF you specify a WITH ROLE clause in your GRANT CONNECT THROUGH request, THEN:

  • all role names you specify are active in the proxy connection by default.

    The roles in the WITH ROLE clause do not need to be granted directly to the user. The GRANT CONNECT THROUGH request grants this privilege by default.

  • the specified roles are the only roles that can be set for the proxy connection.
  • setting the current role to NONE or NULL in the proxy connection is not permitted.
  • the privileges for the proxy connection are those for its active roles and PUBLIC.

IF you specify a WITHOUT ROLE clause in your GRANT CONNECT THROUGH request, THEN:

  • the default role for the proxy connection is the default role defined for the permanent user.
  • the roles that can be set for the proxy connection are restricted to those granted to the user.

    In this case, the role in the proxy connection can also be set to NONE or NULL.

  • the privileges for the proxy connection are those granted to the permanent user, its active roles, and PUBLIC.
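
The two rows of the table, side by side, as an added example that is not part of the original Teradata page. The permanent users pat and lee and the role benefits_role are hypothetical; crm and hr_role are reused from the requests above. The PROXYUSER and PROXYROLE query band names and the DBC.ConnectRulesV view come from Teradata's trusted sessions feature and are not shown on this page.

```sql
-- Added example. pat, lee and benefits_role are hypothetical names.

-- WITH ROLE: pat's proxy connections through crm are confined to the
-- listed roles. The roles do not have to be granted to pat directly.
GRANT CONNECT THROUGH crm TO PERMANENT pat WITH ROLE hr_role, benefits_role;

-- WITHOUT ROLE: lee's proxy connections through crm use lee's own
-- default role, granted roles and directly granted privileges.
GRANT CONNECT THROUGH crm TO PERMANENT lee WITHOUT ROLE;

-- The statements below are issued from a session logged on as crm.

-- pat, no role named: hr_role and benefits_role are both active.
-- Effective privileges are those of the active roles plus PUBLIC.
SET QUERY_BAND = 'PROXYUSER=pat;' FOR SESSION;

-- pat, selecting one of the roles named in the grant.
SET QUERY_BAND = 'PROXYUSER=pat;PROXYROLE=hr_role;' FOR SESSION;

-- pat with the role set to NONE: not permitted under a WITH ROLE grant,
-- so the connection cannot drop to a state with no role from the grant.
SET QUERY_BAND = 'PROXYUSER=pat;PROXYROLE=NONE;' FOR SESSION;

-- lee, no role named: the default role defined for lee is active.
SET QUERY_BAND = 'PROXYUSER=lee;' FOR SESSION;

-- lee with the role set to NONE: permitted under a WITHOUT ROLE grant.
-- Privileges granted directly to lee, and PUBLIC, still apply.
SET QUERY_BAND = 'PROXYUSER=lee;PROXYROLE=NONE;' FOR SESSION;

-- Remove the session query band, ending the proxy connection.
SET QUERY_BAND = NONE FOR SESSION;

-- Review which proxy users each trusted user may connect as, and
-- with which roles, when auditing for least privilege.
SELECT * FROM DBC.ConnectRulesV;
```

For a middle-tier application, the WITH ROLE form gives the tighter boundary: the proxy connection never picks up privileges granted directly to the permanent user, only those of the listed roles and PUBLIC.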