17.10 - ShowAllUserNames - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Database Utilities

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Configuration
Publication ID
B035-1102-171K
Language
English (United States)

Determines whether user names are shown in Vantage logs, including user names that have not been authenticated.

Field Group

General

Valid Settings

Setting Description
TRUE Show all user names in logs, regardless of whether user names are authenticated.
FALSE Conceal any unauthenticated user name in logs as "Non-existent User".

Default

FALSE

Changes Take Effect

After the DBS Control record has been written.

Usage Notes

Affected logs are:
  • DBC.Eventlog table
  • Views based on DBC.Eventlog, such as DBC.LogOnOffV
  • Operating system log, for example, /var/log/messages
If you set ShowAllUserNames to TRUE, all user names, including those that cannot be authenticated, are logged and visible in the affected logs. This can be a security risk, because a common user error is to enter a password in the user name logon field, which would fail authentication. If ShowAllUserNames is TRUE, these misplaced passwords would be visible in the affected logs.

The default setting of FALSE prevents these unauthenticated user names from being visible in the logs by recording them as Non-existent User.

Change this field value to TRUE only if you determine that the utility of seeing unauthenticated user names in the affected logs overrides the risk of exposing potentially misplaced passwords.

Related Information

For More Information on… See…
Gateway logging Gateway Control (gtwcontrol) and Gateway Global (gtwglobal).
User authentication and security Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.