Setting Up Directory Authentication and Authorization - Analytics Database - Teradata Vantage

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2024-04-05
  1. Enable external authentication in the database. See External Authentication Controls.
    • On the Vantage nodes with the gateway installed, run:
      gtwcontrol -a ON
    • On all Vantage nodes, run dbscontrol and enter m g 26 0:
      dbscontrol m g 26 0
  2. Grant external authentication privileges to the matching database users. See External Authentication Requirements.
  3. Verify that TdgssUserConfigFile.xml contains the following settings. Run dumpcfg to view the TDGSS configuration.
    • MechanismEnabled = "yes" (on both the server and clients)
    • AuthorizationSupported = "yes" (on all database nodes)

      If AuthorizationSupported is not set to yes, the directory user can only have the database privileges available to the matching database username.

  4. (Optional) To use auto provisioning, enable the DBSControl AutoProvision parameter:
    dbscontrol m g 81 T
  5. Configure the required LDAP mechanism properties in TdgssUserConfigFile.xml (see Directory Identification and Search Properties):
    • LdapServerName
  6. Complete the edits to TdgssUserConfigFile.xml and enable them on the systems. The changes are made in the TDGSS site directory. See Changing the TDGSS Configuration. For database nodes, perform the steps in Making Changes to TdgssUserConfigFile.xml on Database Nodes.
  7. Set the LDAP mechanism as the default on all affected clients, or instruct users to specify the LDAP mechanism in the logon string. See the appropriate TTU client guide for how to configure a default mechanism for your client.
  8. Use the logon format for LDAP authentication. See Logging on Using LDAP Authentication and Authorization.
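
The settings named in steps 3 and 5 can be checked before the file is rolled out to the nodes. The script below is an added example, not Teradata code: the function names are hypothetical, and the sample XML is constructed on the assumption that the properties are attributes inside a Mechanism element whose Name is "ldap".

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption, not taken from a real system.
SAMPLE_CONFIG = """\
<TdgssConfigFile>
  <Mechanism Name="ldap">
    <MechanismProperties
        MechanismEnabled="yes"
        AuthorizationSupported="no"
        LdapServerName=""/>
  </Mechanism>
</TdgssConfigFile>
"""


def find_property(mechanism, name):
    """Return the first value of attribute `name` on the mechanism or any descendant."""
    for element in mechanism.iter():
        if name in element.attrib:
            return element.attrib[name]
    return None


def check_ldap_mechanism(xml_text, mechanism_name="ldap"):
    """Return a list of findings; an empty list means the checked settings are present."""
    root = ET.fromstring(xml_text)
    mechanism = next(
        (m for m in root.iter("Mechanism")
         if m.get("Name", "").lower() == mechanism_name),
        None,
    )
    if mechanism is None:
        return [f"no Mechanism element named {mechanism_name!r}"]
    findings = []
    for prop in ("MechanismEnabled", "AuthorizationSupported"):
        value = find_property(mechanism, prop)
        if value is None:
            findings.append(f"{prop} is not set in this file")
        elif value.strip().lower() != "yes":
            findings.append(f"{prop} is {value!r}, expected 'yes'")
    server = find_property(mechanism, "LdapServerName")
    if not (server or "").strip():
        findings.append("LdapServerName is missing or empty")
    return findings


if __name__ == "__main__":
    for finding in check_ldap_mechanism(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A property reported as not set in this file may still have a value elsewhere in the TDGSS configuration, so confirm the result with dumpcfg as step 3 describes.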