Security Classification Types and Required CONSTRAINT Object Settings - Analytics Database

Security Classification Types and Required CONSTRAINT Object Settings - Analytics Database - Teradata Vantage

Security Administration

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

Language

English (United States)

Last Update

2024-04-05

dita:mapPath

hjo1628096075471.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

zuy1472246340572

lifecycle

latest

Product Category

Teradata Vantage™

Settings for some options in a security CONSTRAINT object depend on the type of security classification it represents.

Classification Type	Description/Settings
Hierarchical (Non-Set)	All label values are hierarchically related members of the classification category defined by the CONSTRAINT object name. Required settings: Data type: smallint The corresponding constraint column automatically inherits the data type. The smallint data type allows a range of 1 to 10,000 values. VALUES: The set of name:value pairs in the hierarchy, for example, for the security clearance category: Top Secret:4, Secret:3, Classified:2, Unclassified:1 One integer value from the name:value pairs is assigned to each row in a corresponding constraint column. Users may be assigned multiple values. Row access is based on comparing the session values to the row values.
Non-Hierarchical (Set)	All label values are individual compartments in the classification category defined by the CONSTRAINT object name, and have the same relative weight. Required settings: Data type - byte(n). Allows specification of 1 to 8 times the number of values (compartments) as the number of bytes defined by (n), up to 256 values (32 bytes). VALUES - The set of name:value pairs that represent all compartments in the category, for example, for the country category: USA:1, UK:2, Canada:3, Japan:4...[country:value] A system uses the user constraint values as the default session value. Row access is based on comparing the session values to the row values. The system automatically encodes the applicable constraint values as a binary string that represents the value as a unique bit position (rather than a numeric value), allowing up to 256 values to appear in the column. When doing an INSERT or UPDATE to a table, if the user has OVERRIDE privileges, the operation must supply the hex values. See Example: Loading Tables with User OVERRIDE Privileges.

Classification Type

Description/Settings

Hierarchical
(Non-Set)

All label values are hierarchically related members of the classification category defined by the CONSTRAINT object name.

Required settings:

Data type: smallint
The corresponding constraint column automatically inherits the data type. The smallint data type allows a range of 1 to 10,000 values.
VALUES: The set of name:value pairs in the hierarchy, for example, for the security clearance category:
Top Secret:4, Secret:3, Classified:2, Unclassified:1

One integer value from the name:value pairs is assigned to each row in a corresponding constraint column. Users may be assigned multiple values.

Row access is based on comparing the session values to the row values.

Non-Hierarchical
(Set)

All label values are individual compartments in the classification category defined by the CONSTRAINT object name, and have the same relative weight.

Required settings:

Data type - byte(n).
Allows specification of 1 to 8 times the number of values (compartments) as the number of bytes defined by (n), up to 256 values (32 bytes).
VALUES - The set of name:value pairs that represent all compartments in the category, for example, for the country category:
USA:1, UK:2, Canada:3, Japan:4...[country:value]

A system uses the user constraint values as the default session value. Row access is based on comparing the session values to the row values.

The system automatically encodes the applicable constraint values as a binary string that represents the value as a unique bit position (rather than a numeric value), allowing up to 256 values to appear in the column.

When doing an INSERT or UPDATE to a table, if the user has OVERRIDE privileges, the operation must supply the hex values. See Example: Loading Tables with User OVERRIDE Privileges.