You can run the tdspolicy tool from the command prompt on a Teradata Vantage node to investigate the security policy assignments that are currently in effect for a specific combination of user, profile, and logon IP address.
You can use tdgssauth to obtain the tdspolicy command line arguments.
For example:
    tdspolicy -u user -i ip_address [-s service] [-p profile]

- user
  Specify a Vantage user name in these cases:
  - The user is authenticated by Teradata (TD2 mechanism)
  - The user is authenticated by Kerberos (KRB5 mechanism) or LDAP and AuthorizationSupported=no
  - The user is authenticated by Kerberos (KRB5 mechanism) or LDAP, AuthorizationSupported=yes, and the user is mapped to a tdatUser entry.
  If a directory user is mapped to multiple tdatUser objects, and more than one object has security policy assignments, the most restrictive policy applies. For details, see the configuration instruction for each policy type.
- ip_address
  The IP address from which the user logs on.
- service
  [Required to return information on a local security policy.] Specify the DN of the service that contains the local policy.
- profile
  [Optional] Identifies an existing profile that is assigned to the user.
For externally authenticated or authorized users, you can use tdgssauth to obtain the tdspolicy command line arguments:
    $ tdgssauth -m ldap -u diperm01 -i 192.0.2.205
    TDGSS_BIN_FILE not set. TDGSSCONFIG GDO used in tdgss.
    Please enter a password:
    Status: authenticated, not authorized
    Database user: perm01 [permanent user]
    Profile: profile01
    External roles: extrole01perm01, extrole02perm01, extrole03perm01
    Authenticated user: ldap://esroot.example.com:389/CN=diperm01,OU=people,OU=testing,DC=example,DC=com
    Audit trail identifier: diperm01
    Authenticating service: esroot1
    Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
    Mechanism specific data: diperm01
    Security context capabilities: replay detection
                                   out of sequence detection
                                   confidentiality
                                   integrity
                                   protection ready
                                   exportable security context
    Minimum quality of protection: high with confidentiality and integrity
    Options: none
    $
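The following is an added example, not part of the Teradata documentation: a shell helper that reads tdgssauth output and assembles the matching tdspolicy command line. It assumes that the "Database user" field supplies -u and the "Profile" field supplies -p; the function names and the sample input are constructed for illustration, and the service DN must be passed in separately because tdgssauth reports a service name rather than a DN.

```shell
#!/bin/sh
# Added example: derive tdspolicy arguments from tdgssauth output.
# Assumption: "Database user" feeds -u and "Profile" feeds -p.

# Print the value of one "Label: value" field read from stdin.
tdgss_field() {
    awk -v label="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)              # labels may be right-aligned
        if (index(line, label ":") == 1) {
            val = substr(line, length(label) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }
    }'
}

# Read tdgssauth output on stdin and print a tdspolicy command line.
# $1 = logon IP address, $2 = optional service DN (needed for local policy).
build_tdspolicy_cmd() {
    ip=$1
    service_dn=${2:-}
    out=$(cat)
    status=$(printf '%s\n' "$out" | tdgss_field "Status")
    case $status in
        authenticated*) ;;   # the page's sample: "authenticated, not authorized"
        *) echo "not authenticated: ${status:-no Status line}" >&2; return 1 ;;
    esac
    # Drop the trailing annotation such as "[permanent user]".
    user=$(printf '%s\n' "$out" | tdgss_field "Database user" | awk '{print $1}')
    profile=$(printf '%s\n' "$out" | tdgss_field "Profile")
    [ -n "$user" ] || { echo "no Database user in output" >&2; return 1; }
    cmd="tdspolicy -u $user -i $ip"
    [ -z "$service_dn" ] || cmd="$cmd -s '$service_dn'"
    [ -z "$profile" ] || cmd="$cmd -p $profile"
    printf '%s\n' "$cmd"
}

# Constructed sample input, abbreviated from the output shown above.
sample_output() {
    cat <<'EOF'
                 Status: authenticated, not authorized
          Database user: perm01 [permanent user]
                Profile: profile01
 Authenticating service: esroot1
EOF
}

sample_output | build_tdspolicy_cmd 192.0.2.205
```

Review the printed command before running it, and add the service DN as the second argument when you need the local policy reported.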