Hybrid Server Administration for Java UDFs
Executing Java UDFs in protected mode (where the CREATE FUNCTION or REPLACE FUNCTION statement does not include the EXTERNAL SECURITY clause) requires additional administration.
The database installation process creates a local, operating system-native user with the name 'tdatuser' on each node the database runs on.
Each node can have one hybrid server that runs under the authorization of the 'tdatuser' operating system user. The server provides multiple threaded execution of protected mode Java UDFs to all AMPs and PEs on the node.
- Do not delete 'tdatuser'.
- Do not add a password for 'tdatuser'.
This prevents logon to the user on the system.
- If you think you need to make changes, please contact the Teradata Support Center first.
In addition to creating 'tdatuser', the installation process also creates a new group on each node called 'tdatudf'. The preceding admonishments apply to the 'tdatudf' group: do not change it.
The 'tdatuser' user has no special privileges on the system. No one should be able to log on as 'tdatuser'.
If an external routine that runs in protected mode needs to access system resources, to open a file for example, you must set the appropriate access privileges to include 'tdatuser'.
The hybrid server uses a global configuration setting to determine the maximum number of threads for running Java UDFs. To view or change global configuration settings for external routines, use the cufconfig utility. For more information, see Teradata Vantage™ - Database Utilities, B035-1102.
Java Secure Server Administration
- Java external stored procedures
- Java UDFs where the CREATE FUNCTION or REPLACE FUNCTION statement includes the EXTERNAL SECURITY clause
Executing Java external routines in secure mode requires additional administration.
IF the external routine is … | THEN … |
---|---|
an external stored procedure where the CREATE PROCEDURE or REPLACE PROCEDURE statement does not include the EXTERNAL SECURITY clause | the external stored procedure runs in protected execution mode as a separate process under 'tdatuser', a local operating system user that the database installation process creates. Follow the administration guidelines for the 'tdatuser' user from the preceding section, "Hybrid Server Administration for Java UDFs". |
a UDF or external stored procedure where the CREATE/REPLACE FUNCTION or CREATE/REPLACE PROCEDURE statement includes the EXTERNAL SECURITY clause | Vantage uses a separate secure server to execute the external routine under the authorization of a specific native operating system user established by a CREATE AUTHORIZATION or REPLACE AUTHORIZATION statement. If an external routine that runs in secure mode needs to access system resources, to open a file for example, you must set the appropriate access privileges to include the user established by the CREATE AUTHORIZATION or REPLACE AUTHORIZATION statement. |
The database uses a global configuration setting to determine the maximum number of secure servers that can execute external routines. To view or change global configuration settings for external routines, use the cufconfig utility. For more information, see Teradata Vantage™ - Database Utilities, B035-1102.