Server Administration for Java External Routines | Teradata Vantage - Server Administration for Java External Routines - Analytics Database - Teradata Vantage

SQL External Routine Programming

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
iiv1628111441820.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
B035-1147
lifecycle
latest
Product Category
Teradata Vantage™

Hybrid Server Administration for Java UDFs

Executing Java UDFs in protected mode (where the CREATE FUNCTION or REPLACE FUNCTION statement does not include the EXTERNAL SECURITY clause) requires additional administration.

The database installation process creates a local, operating system-native user with the name 'tdatuser' on each node the database runs on.

Each node can have one hybrid server that runs under the authorization of the 'tdatuser' operating system user. The server provides multiple threaded execution of protected mode Java UDFs to all AMPs and PEs on the node.

Follow these rules to guarantee that your external routines and database function properly:
  • Do not delete 'tdatuser'.
  • Do not add a password for 'tdatuser'.

    This prevents logon to the user on the system.

  • If you think you need to make changes, please contact the Teradata Support Center first.

In addition to creating 'tdatuser', the installation process also creates a new group on each node called 'tdatudf'. The preceding admonishments apply to the 'tdatudf' group: do not change it.

The 'tdatuser' user has no special privileges on the system. No one should be able to log on as 'tdatuser'.

If an external routine that runs in protected mode needs to access system resources, to open a file for example, you must set the appropriate access privileges to include 'tdatuser'.

The hybrid server uses a global configuration setting to determine the maximum number of threads for running Java UDFs. To view or change global configuration settings for external routines, use the cufconfig utility. For more information, see Teradata Vantage™ - Database Utilities, B035-1102.

Java Secure Server Administration

The database uses a secure server mechanism to execute the following:
  • Java external stored procedures
  • Java UDFs where the CREATE FUNCTION or REPLACE FUNCTION statement includes the EXTERNAL SECURITY clause

Executing Java external routines in secure mode requires additional administration.

IF the external routine is … THEN …
an external stored procedure where the CREATE PROCEDURE or REPLACE PROCEDURE statement does not include the EXTERNAL SECURITY clause the external stored procedure runs in protected execution mode as a separate process under 'tdatuser', a local operating system user that the database installation process creates.

Follow the administration guidelines for the 'tdatuser' user from the preceding section, "Hybrid Server Administration for Java UDFs".

a UDF or external stored procedure where the CREATE/REPLACE FUNCTION or CREATE/REPLACE PROCEDURE statement includes the EXTERNAL SECURITY clause Vantage uses a separate secure server to execute the external routine under the authorization of a specific native operating system user established by a CREATE AUTHORIZATION or REPLACE AUTHORIZATION statement.

If an external routine that runs in secure mode needs to access system resources, to open a file for example, you must set the appropriate access privileges to include the user established by the CREATE AUTHORIZATION or REPLACE AUTHORIZATION statement.

The database uses a global configuration setting to determine the maximum number of secure servers that can execute external routines. To view or change global configuration settings for external routines, use the cufconfig utility. For more information, see Teradata Vantage™ - Database Utilities, B035-1102.