As-A-Service System Users | Teradata Vantage - As-A-Service System Users - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-02
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™
The following table lists pre-installed database users intended for Teradata personnel and services who are responsible for performing As-A-Service administrative tasks on VantageCloud Enterprise systems. These users are also created on VantageCore systems (on-premises) to support use cases. On systems not configured for managed cloud services, their logon SQL access right is disabled.
System User Administrative Role
TDaas_Support Problem and error investigation
TDaaS_Maint Database software patching and configuration
TDaaS_Monitor Monitoring resource usage
TDaaS_BAR Backup and restore of customer databases
TDaaS_DB Owning database for as-a-service objects such as stored procedures

Password Management

The passwords for As-A-Service users residing on managed cloud systems are securely managed with Teradata controlled vaults and services. For on-premises installations, the absence of the logon access right overrides any potential use of passwords.

SQL Access Rights

As-A-Service users are limited to performing operations allowed by the access rights explicitly granted to them during installation using SQL GRANT statements. The following table summarizes the access rights granted to each user. For a detailed list of all rights held, users can query Dictionary views including DBC.AllRightsV. In addition, the audit trail provided by system view DBC.LogonOffV includes the logons and sessions from As-A-Service users.
System User SQL Access Rights
TDaaS_Support
  • SELECT on Dictionary tables and views
  • SELECT on system PDCR databases containing performance metadata
  • EXECUTE PROCEDURE on SystemFE and TDaaS_DB
TDaaS_Maint
  • ALL rights on Dictionary (DBC) objects except DML updates and Drop
  • ALL rights on system installed and owned databases (non-customer)
  • Rights to create and drop Profiles and Maps
TDaaS_Monitor
  • SELECT on Dictionary tables containing DBQL and RSS metadata
  • SELECT on system PDCR databases containing performance metadata
  • SELECT and EXECUTE PROCEDURE on SystemFE
TDaaS_BAR DUMP and RESTORE on all databases
TDaaS_DB SELECT on Dictionary objects referenced in its stored procedures

Modifying As-A-Service Users

For managed cloud systems, As-A-Service users and their passwords are owned and managed exclusively by Teradata. Customer-controlled users, including the DBC user, are prevented from modifying them. Attempts to modify their passwords or access rights results in a failure indicating that As-A-Service user accounts cannot be altered. For systems not configured for managed cloud services including VantageCore, user DBC maintains full control over these users including the ability to drop them if desired.