17.20 - Working with OS-Level Security Options - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

During installation of Teradata Vantage, the system automatically creates the following default OS-level security structure.

Default User or Group Description
Users
teradata Analytics Database runs as the teradata user, which is a member of the tdtrusted group.
tdatuser Runs UDFs in protected mode and is a member of the tdatudf group.
Groups
tdtrusted Has permission to run OS-level processes and utilities, and provides this permission to member users:
  • teradata (created by default to run the database)
  • Other administrative users that you create who require OS-level access, for example, to run utilities or change the TDGSS configuration.
Although you can run OS-level utilities and processes as root, Teradata recommends that for secure operation you severely limit root access and create individual administrative user accounts in the tdtrusted group to run Teradata utilities and other OS-level functions.

For information on starting utilities that need OS-level of access, see Teradata Vantage™ - Database Utilities, B035-1102.

tdatudf Has permission to run UDFs in protected mode and provides this permission to member users:
  • tdatuser (created by default)
  • Other users you create who need to run UDFs in secure mode
Although most OS-level tasks can be run by the users defined in the preceding table, you must use root access to:
  • Install a new version of Teradata Vantage or Analytics Database
  • Start the database when it is down

If your site security policy requires an alternative OS-level access strategy, contact your Teradata Customer Service representative for assistance.