Example: Security Constraint Hierarchical Rules - Analytics Database - Teradata Vantage

SQL External Routine Programming

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
iiv1628111441820.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
B035-1147
lifecycle
latest
Product Category
Teradata Vantageā„¢
Operation Example Rule
INSERT The current session must have a security label valid for the security constraint. The session label is entered as the constraint column value for the new row.

Purpose: Allows any user with table level insert privileges to insert a new row. Assumes that the user security level is appropriate for the new data.

SELECT The session security label must equal or exceed the row label or the operation fails.

Purpose: Only users classified equal to or higher than a row can read row data.

UPDATE The session security label must equal or exceed the row label or the operation fails. If the operation is allowed, the updated row uses the session security label for the constraint column value.

Purpose: Restricts access to equivalent/higher level users. The row is automatically reclassified to the user level in case the user adds data with a higher classification.

DELETE The row cannot be deleted unless the constraint column value is at the lowest security level.

Purpose:Ensures that a row is reviewed and declassified before it can be deleted.