Security Constraint UDFs - Analytics Database - Teradata Vantage

SQL External Routine Programming

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-07-11
dita:mapPath
iiv1628111441820.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
B035-1147
lifecycle
latest
Product Category
Teradata Vantageā„¢

A security constraint UDF defines and enforces the rules that determine whether to allow execution of an INSERT, SELECT, UPDATE, or DELETE statement on a row of a table that is defined with a security constraint.

When the SQL statement is executed, Vantage runs the associated security UDF to verify if the requesting user has the access level required to perform the operation as compared to the security level assigned to the row.

If the requesting user does not have the required access level, the UDF denies the request and request processing moves on to the next applicable row. If a requesting user has the OVERRIDE privilege for an SQL operation, Vantage bypasses the UDF that restricts the operation. If the security constraint object does not specify a UDF for an SQL operation, the operation succeeds only if the user has the corresponding OVERRIDE privilege.

In normal usage, users do not directly call security constraint UDFs in an SQL statement. Instead, Vantage automatically calls the required functions when an INSERT, SELECT, UPDATE, or DELETE statement is executed against a table in which a security constraint has been defined. Therefore, you do not need to grant EXECUTE FUNCTION privileges on security constraint UDFs to users who must access the protected tables. However, if you are a security administrator or you are developing a security constraint UDF and want to test the return value of the constraint function, you can explicitly call the constraint function in a SELECT statement. In this case, you must have EXECUTE FUNCTION privilege on the constraint function.