External Security Clause - Analytics Database - Teradata Vantage

SQL Data Definition Language Detailed Topics

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-10-04
Product Category: Teradata Vantage™

This clause is mandatory for all methods that perform operating system I/O. Failing to specify this clause for a method that performs I/O can produce unpredictable results and even cause the database, if not the entire system, to reset. See CREATE AUTHORIZATION and REPLACE AUTHORIZATION.

Note that authorization_name is an optional Teradata extension to the ANSI SQL:2011 standard.

When a method definition specifies EXTERNAL SECURITY DEFINER, then that method executes:
  • Under the OS user associated with the specified external authorization, using the context of that user.

    IF the method runs in this mode … | THEN the OS user must be …
    protected                         | tdatudf, which must be a member of the tdatudf OS group.
    secure                            | an OS user assigned to an authorization name using the CREATE AUTHORIZATION statement. The specified OS user must belong to the tdatudf OS group.

  • The external security authorization associated with the method must be contained within the same database as the method.

The following rules apply.
  • If you do not specify an authorization name, then you must create a default DEFINER authorization name before a user attempts to execute the method.
  • If you have specified an authorization name, then an authorization object with that name must be created before you can execute the method.

    The system returns a warning message to the requestor when no authorization name exists at the time the method is being created.
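
The ordering and placement rules above, shown as an added example that is not taken from the Teradata documentation. The authorization names, OS user names, password placeholder, UDT, method name, and external name string are all hypothetical, and the UDT and its method signature are assumed to have been declared already with CREATE TYPE.

```sql
-- Added example; every object name and credential below is a placeholder.

-- 1. Named DEFINER authorization, created in the same database as the method
--    (SYSUDTLIB here). The OS user must already exist on the database nodes
--    and belong to the tdatudf OS group.
CREATE AUTHORIZATION SYSUDTLIB.udt_io_auth AS DEFINER
  USER 'udt_io_svc'                 -- hypothetical low-privilege OS account
  PASSWORD '<placeholder-password>';

-- 2. Method that performs OS I/O and names that authorization explicitly.
--    Creating the authorization first avoids the warning returned when the
--    name does not yet exist at CREATE METHOD time.
CREATE INSTANCE METHOD SYSUDTLIB.read_cfg()
  RETURNS VARCHAR(256)
  FOR SYSUDTLIB.cfg_source          -- hypothetical UDT
  EXTERNAL NAME 'CS!read_cfg!udt_src/read_cfg.c!F!read_cfg'
  EXTERNAL SECURITY DEFINER udt_io_auth;

-- 3. Variant without an authorization name: a default DEFINER authorization
--    must exist in the same database before any user executes the method.
CREATE AUTHORIZATION SYSUDTLIB.udt_default_auth AS DEFINER DEFAULT
  USER 'udt_default_svc'            -- hypothetical OS account in tdatudf
  PASSWORD '<placeholder-password>';

CREATE INSTANCE METHOD SYSUDTLIB.read_cfg_default()
  RETURNS VARCHAR(256)
  FOR SYSUDTLIB.cfg_source
  EXTERNAL NAME 'CS!read_cfg_default!udt_src/read_cfg_default.c!F!read_cfg_default'
  EXTERNAL SECURITY DEFINER;        -- resolves to the default DEFINER authorization
```

Because the method runs under the OS user bound to the authorization, giving that account only the file permissions the method needs limits what the method's I/O can reach.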