Trusted Sessions provides more security to applications that interface between users and the database, especially in cases where users can submit their own SQL query commands. It prevents a user from possibly submitting "SET QUERY_BAND" commands to change a proxy user. Trusted sessions are supported in Teradata database 13.10 or later.
The database does not allow SET QUERY_BAND SQL to set/change a proxy user on a session having GRANT CONNECT THROUGH privilege with the ‘WITH TRUST_ONLY’ option, unless it is submitted as a trusted SQL request. The ODBC Driver submits an SQL as trusted only when an SQL_ATTR_TRUSTED_SQL(13010) statement attribute is set by calling SQLSetStmtAttr() with a value SQL_TRUE. Immediately after SQLExecute() or SQLExecDirect() is called, SQL_ATTR_TRUSTED_SQL will be reset to the default value SQL_FALSE.
For more information on the GRANT CONNECT THROUGH privilege, please refer the database manual SQL Data Control Language (B035-1149).
The following is sample code to send a trusted SQL:
………. ………. RETCODE result; result = SQLSetStmtAttr(StatementHdl, SQL_ATTR_TRUSTED_SQL, (SQLPOINTER)SQL_TRUE, SQL_IS_UINTEGER); if (SQL_SUCCESS == result) { / After SQL execution, the SQL_ATTR_TRUSTED_SQL attribute value will be reset to SQL_FALSE // to prevent any further use of SET QUERY_BAND until you change the attribute to SQL_TRUE once again. result = SQLExecDirect(yourStatementHdl, (SQLTCHAR *) "SET QUERY_BAND='proxyuser=user1;'FOR SESSION; ", SQL_NTS);vt if (SQL_SUCCESS != result) { // Handle error } } else { // Handle error }