Logging On Using External Authentication | GRANT LOGON | Teradata Vantage - Logging On Using External Authentication - Analytics Database

Logging On Using External Authentication | GRANT LOGON | Teradata Vantage - Logging On Using External Authentication - Analytics Database - Teradata Vantage

SQL Data Control Language

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

ft:locale

en-US

ft:lastEdition

2023-07-11

dita:mapPath

sgu1628111251052.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

dvv1472243528022

lifecycle

latest

Product Category

Teradata Vantage™

External authentication permits a user to log on to a computer one time and access a database without providing a user name, password, or account name. To enable this, you must explicitly map any directory users who are not already mapped to Vantage users in the directory. If you do not create an explicit mapping between an unmapped user and Vantage, that directory user cannot log on to Vantage.

You can explicitly map a directory user to the following objects:

EXTUSER.
Mapping to EXTUSER is the most commonly used method.

You cannot assign row-level security privileges to EXTUSER.

If the AuthorizationSupported property is set to yes in the TdgssUserConfigFile.xml file, and a user attempts to log on to the database, the user is authenticated by the directory. If auto provisioning is turned on, then the user is not logged on as EXTUSER. Instead, the database creates an account for the user in DBC.Dbase and logs the user on using that account. Auto provisioned users are not permanent users and must always authenticate against the directory.
For more information about EXTUSER and auto provisioning, see Teradata Vantage™ - Analytics Database Security Administration, B035-1100.
A Profile.
A Role.
A Teradata user.

Another way to do this is to grant the user logon privileges with a null password.

The following procedure creates a user who can log on to the system through a gateway that does not have the Append Domain Name option set using the Gtwcontrol utility. This user is already defined as user rhh.

Create user rhh using the following CREATE USER request:
```
CREATE USER rhh AS
PERM = 10000000,
PASSWORD = rhh;
```
Grant user rhh the following logon privileges using a GRANT LOGON request:
```
GRANT LOGON ON ALL
 TO rhh
 WITH NULL PASSWORD;
```

The following procedure creates a Vantage user who can log on to a Teradata system through a gateway that has Append Domain Name set. This user is already defined as user rhh and her account is in the esw2kdev domain.

Create user rhh using the following CREATE USER request:

CREATE USER "rhh@esw2kdev" AS
 PERM = 10000000,
 PASSWORD = rhh;

Grant user rhh the following logon privileges using a GRANT LOGON request:
```
GRANT LOGON ON ALL
 TO "rhh@esw2kdev"
 WITH NULL PASSWORD;
```