Security Constraint UDFs | Teradata Vantage - 17.20 - Security Constraint UDFs - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

A security constraint UDF defines and enforces the rules that determine whether to allow or deny the use of an INSERT, SELECT, UPDATE, or DELETE statement on a table row.

Each constraint UDF restricts an SQL operation based on a coded rule. UDF rules vary by SQL operation and whether the constraint system is a hierarchical (level) or non-hierarchical (compartment) labeling system.

Hierarchical and non-hierarchical constraints require different kinds of UDFs.

Each time a user accesses a row, the system invokes the UDF associated with the SQL operation (for example, INSERT) to determine if the user can perform the operation. If the requesting user does not have the access level required to perform the operation on the row, the UDF denies the request and request processing moves on to the next applicable row.

The system does not require that the user have EXECUTE FUNCTION privileges on the automatically invoked UDFs.

If the CONSTRAINT object does not specify a UDF for an SQL operation, the operation succeeds only if the user has the corresponding OVERRIDE privilege.

If a requesting user has the OVERRIDE privilege for an SQL operation, the request bypasses the UDF that restricts the operation.