Assessing User Needs | Teradata Vantage - 17.20 - Assessing User Needs - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Analytics Database
Teradata Vantage
Release Number
June 2022
English (United States)
Last Update

To prepare for creating and provisioning database users:

  1. Make a list of all users that require access to the database, and identify each one according to functional category. Minimize the number of user types to simplify user management.
  2. Define user resource requirements for use in creating profiles:
    • Examine user space requirements:
      • Users who create or own databases, tables, and other space-consuming objects require permanent storage space (perm space).
      • Users who submit SQL queries, macros, stored procedures or other executable requests require spool space to contain the temporary database structures used to the run the requests.
    • Define user accounting requirements for resource accounting and prioritizing each user request. Then create the accounts, as shown in Teradata Vantage™ - Database Administration, B035-1093, and assign the accounts to users, either directly or through use of profiles. Each account can specify:
      • A priority level (low, medium, high, and rush)
      • An account identifier that specifies such things as department, group, and function
      • A date and time stamp
    • Define the user default database (the database where the user most often works) to avoid specifying the database as part of each request.
    • Define password control parameters. Consider your site security policy and decide whether or not all users can share the global default password parameters referenced in Setting Up the Administrative Infrastructure, or if you need to set these parameters separately for groups of users.
    • Determine whether users are subject to row level security constraints that should be assigned in profiles. See Working with Constraint Assignments.
      Users that log on through applications that pool sessions do not have access to personal profiles, and instead defer to the profile for the application user or trusted user.
  3. Review the database objects (such as views, tables, macros, functions, and procedures) that users or user groups must access to do their job. Identify groups of users with common database privilege requirements and create roles to define the privileges for each group, rather than granting privileges to individual users.