Configuring a Confidentiality QOP Policy

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-03-07

You can configure confidentiality policies to enforce confidentiality, at a specified algorithm strength, for all sessions regardless of whether they request encryption.

Confidentiality policy applies only to the TD2, KRB5, LDAP, and PROXY mechanisms. See the comparison table in System Processing of Confidentiality and Integrity QOP Policies.

If a session subject to a Confidentiality QOP uses the Kerberos authentication mechanism (which does not support QOP policy), the system enforces the use of confidentiality, but ignores the QOP algorithm specified in the policy and uses the algorithm provided by Kerberos.

Confidentiality policies are based on the configuration of the low, medium, and high QOP entries in the TdgssUserConfigFile.xml. You must enable these QOP entries in the configuration file before configuring a confidentiality policy. For information, see Working with Quality of Protection Options.



To configure a confidentiality QOP policy:

  1. Examine the TdgssUserConfigFile.xml and make sure that the QOP entries are enabled and set according to your requirements. See Working with Quality of Protection Options.
  2. Create the confidentiality QOP container. See Creating the conf-qops Container.
  3. Create the needed confidentiality QOP objects. See Creating Confidentiality QOP Objects in the Confidentiality QOP Container.
  4. Add members to each confidentiality QOP to define QOP effects. See Adding Members to a Confidentiality QOP to Require QOP Usage.
    You can also apply the default confidentiality QOP by host group. See Requiring Confidentiality.
  5. [Optional] Remove members from a confidentiality QOP to remove QOP effects. See Removing Members from a Confidentiality QOP.