Access-Monitoring Implementation Process | Teradata Vantage - Access-Monitoring Implementation Process - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-02
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™
  1. Review the logging that occurs automatically. See Default Logging.
  2. Implement logging for permanent database users.
    1. Set up the DBC.ACCLogRule macro. See Setting Up the DBC.AccLogRule Macro.
    2. Use the BEGIN LOGGING statement to define logging rules and enable logging. See Enabling Logging with the BEGIN LOGGING Statement.
    3. Check the DBC.AccLogRuleTbl table after running each BEGIN LOGGING statement to make sure the rule is correct. See Verifying that the Access Log Rule Is Correct.
  3. If directory-based users have access to the database, you can implement directory user logging. See Using Access Logging for Directory-Based Users.
  4. If you set up middle-tier applications as trusted users, review Using Access Logging for Proxy Users to understand how the database logs proxy users.
  5. Review the sample implementation to see a typical setup for access logging. See Sample Implementation of Access Logging.
  6. Review access logs and investigate suspect entries. See Investigating Database Access Attempts.
  7. Periodically purge access logs to limit the space devoted to storing log data. See Access Log Maintenance.
For information about logging access to objects protected by row level security, see Using Access Logging with Row Level Security.

Network Encryption Auditing

You may audit the security level used by the client interfaces when communicating with the gateway. This audit shows the security level that client interfaces are using on the network when sending messages to the database. The messages are logged to the gateway log. This feature is enabled from gtwcontrol.

For more information, see Using Network Encryption Auditing.