When users access the database through an application that uses pooled sessions:
- If the application is not a trusted user, the row level security constraints for all end users derive from the application logon user. Teradata recommends that you not allow users to access tables protected by row level security through non-trusted user applications, because the system cannot apply row level security to the individual end users or track their actions in access logs.
- If the application is a trusted user:
  - If the proxy user is linked to a permanent database user by using the TO PERMANENT clause in the GRANT CONNECT THROUGH statement, the row level security constraints derive from the permanent user, including the user profile.
  - If the proxy user is not linked to a permanent database user, but has a profile assigned through the GRANT CONNECT THROUGH statement, the row level security constraints derive from the assigned profile.
  - If the proxy user is not linked to a permanent database user, and does not have a profile assigned, the system cannot set a row level security constraint for the session, so attempts to access row level security tables fail.
To provide safe access to row level security tables, set up applications for trusted sessions.
- For setup instructions, see Setting Up Trusted User Applications and Proxy Users (Recommended).
- For information on how the system authorizes proxy user access to row level security tables, see Session Constraint Values for Trusted User Applications and Proxy Users.
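
The three trusted-user cases above, sketched as grants. This is an added example, not taken from the Teradata documentation. All object names (`pool_app`, `hr_jones`, `web_user1`, `web_user2`, `rls_reader_role`, `rls_profile`) are hypothetical, and the exact clause order should be checked against the GRANT CONNECT THROUGH reference for your release.

```sql
-- Added example; every user, role and profile name below is hypothetical.
-- pool_app is the logon user of the pooled-session application and is the
-- trusted user named in each GRANT CONNECT THROUGH statement.

-- Case 1: proxy user linked to a permanent database user (TO PERMANENT).
-- Row level security constraints derive from hr_jones, including the
-- profile assigned to hr_jones.
GRANT CONNECT THROUGH pool_app
  TO PERMANENT hr_jones
  WITH ROLE rls_reader_role;

-- Case 2: proxy user is not a permanent user, but a profile is assigned
-- in the grant. Constraints derive from rls_profile.
GRANT CONNECT THROUGH pool_app
  TO web_user1
  WITH ROLE rls_reader_role
  WITH PROFILE rls_profile;

-- Case 3: proxy user is not a permanent user and has no profile.
-- The system cannot set a constraint for the session, so access to
-- row level security tables fails for web_user2.
GRANT CONNECT THROUGH pool_app
  TO web_user2
  WITH ROLE rls_reader_role;

-- At run time the application, logged on as pool_app, identifies the end
-- user for the pooled session through the query band.
SET QUERY_BAND = 'PROXYUSER=web_user1;' FOR SESSION;
```

When reviewing an existing deployment, look for grants of the Case 3 form on proxy users that are expected to read row level security tables: they are the ones that need either a TO PERMANENT link or an assigned profile.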