Dictionary Storage of CONNECT THROUGH Metadata - Advanced SQL Engine - Teradata Database

SQL Data Control Language
Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2021-07-27
dita:mapPath
sqd1591723147563.ditamap
dita:ditavalPath
sqd1591723147563.ditaval
dita:id
B035-1149
lifecycle
previous
Product Category
Teradata® Vantage™ NewSQLEngine

The dictionary table DBC.ConnectRulesTbl contains information on which proxy users can connect through which trusted users and what roles are available to make proxy connections. The table contains one row for every trusted_user_name:proxy_user_name combination.

When the system processes a GRANT CONNECT THROUGH request, it writes a row to DBC.ConnectRulesTbl for each of the following pairs that you specify:
  • Trusted user name:permanent user name
  • Trusted user name:application user name

The row persists until either you drop the trusted user or the permanent user.

When you grant WITH TRUST_ONLY to a trusted user, Vantage adds a row to DBC.ConnectRulesTbl that contains the following information:
  • TrustUserId
  • ProxyUser=space_characters
  • TrustOnly=Y

Vantage also updates all rows in DBC.ConnectRulesTbl with the value for TrustUserId=specified_TrustUserID to set TrustOnly=Y.

When you revoke WITH TRUST_ONLY from a trusted user, Vantage updates all rows in DBC.ConnectRulesTbl where TrustUserId=specified_TrustUserID to set TrustOnly=N.

To provide an audit trail for the management of the rules, Vantage retains the row if the privilege is revoked, but does not drop the user.

The following list indicates the values for DBC.ConnectRulesTbl.GrantStatus when the TRUST_ONLY privilege is granted to a trusted user or not:
  • If DBC.ConnectRulesTbl.GrantStatus is set to G, then the TRUST_ONLY privilege is granted to trusted_user.
  • If DBC.ConnectRulesTbl.GrantStatus is set to R, then TRUST_ONLY privilege is revoked from trusted_user.