17.20 - Trusted Sessions - ODBC Driver for Teradata

ODBC Driver for Teradata® User Guide

Product
ODBC Driver for Teradata
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2022-06-21
dita:mapPath
uqj1639470627591.ditamap
dita:ditavalPath
nkw1500504256726.ditaval

Starting with Teradata Database 13.10, trusted sessions provide more security to applications that interface between users and the database, especially in cases where users can submit their own SQL query commands. It prevents a user from submitting "SET QUERY_BAND" commands to change a proxy user. 

The database does not allow SET QUERY_BAND SQL to set or change a proxy user on a session having GRANT CONNECT THROUGH privilege with the ‘WITH TRUST_ONLY’ option, unless it is submitted as a trusted SQL request. ODBC Driver for Teradata submits an SQL as trusted only when an SQL_ATTR_TRUSTED_SQL(13010) statement attribute is set by calling SQLSetStmtAttr() with a value SQL_TRUE.  Immediately after SQLExecute() or SQLExecDirect() is called, SQL_ATTR_TRUSTED_SQL will be reset to the default value SQL_FALSE.

For more information on the GRANT CONNECT THROUGH privilege, see Teradata Vantage™ - SQL Data Control Language, B035-1149.

The following is sample code to send a trusted SQL:

……….
……….
RETCODE result;

result = SQLSetStmtAttr(StatementHdl, SQL_ATTR_TRUSTED_SQL, (SQLPOINTER)SQL_TRUE, SQL_IS_UINTEGER);
if (SQL_SUCCESS == result)
{
	// After SQL execution, the SQL_ATTR_TRUSTED_SQL attribute value will be reset to SQL_FALSE
	// to prevent any further use of SET QUERY_BAND until you change the attribute to SQL_TRUE once again.

	result = SQLExecDirect(yourStatementHdl, (SQLTCHAR *) "SET QUERY_BAND='proxyuser=user1;'FOR SESSION; ", SQL_NTS);vt 
	if (SQL_SUCCESS != result)
	{
		// Handle error
	}
}
else
{
	// Handle error
}