Teradata Server Software Enforcement of Trusted Sessions - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
sgu1628111251052.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
dvv1472243528022
lifecycle
latest
Product Category
Teradata Vantage™

It is assumed that applications that use the trusted sessions feature will submit both trusted and nontrusted requests. It is the application, and not Vantage, that knows which requests can be trusted and which cannot. Vantage just verifies that the SET QUERY_BAND request with a PROXYUSER is a trusted request if the logon user has the WITH TRUST_ONLY option set.

Server software enforces trusted requests by means of GRANT CONNECT THROUGH requests that set trusted users to have the TRUST_ONLY privilege. If you specify the WITH TRUST_ONLY option for a trusted user, Vantage validates that a request to set a Proxy User is trusted; otherwise, it aborts the request and returns an error to the requestor.

Suppose a middle tier application submits the following SET QUERY_BAND request with a PROXYUSER.

SET QUERY_BAND = 'PROXYUSER=client787';

The following outcomes are possible, depending on whether the request is trusted and what CONNECT THROUGH privileges have been granted to the application user that submits it.

IF the trusted user has … AND the Trusted flag of the Options parcel … THEN the request is …
been granted the TRUST_ONLY privilege is set to Y trusted.

SET QUERY_BAND PROXYUSER requests are permitted.

  is set to N not trusted.

SET QUERY_BAND PROXYUSER requests are aborted.

not been granted the TRUST_ONLY privilege is set to Y neither trusted nor not trusted.

Vantage ignores the setting of the flag.

  is set to N neither trusted nor not trusted.

Vantage ignores the setting of the flag.

This is the default setting.