Protected mode UDFs, including secure mode UDFs, run under a separate process called a server. UDFs set up to require external security run in a subtype of protected mode called secure mode. The system sets up separate processes, or servers, to support both protected mode and secure mode functions (see Teradata Vantage™ - SQL External Routine Programming, B035-1147 for details).
The following series of events occurs the first time a secure mode UDF (the process is essentially identical for protected mode UDFs) is invoked in a session.
- The UDF server setup logic checks at the authorization and determines whether a secure server process is already set up for the OS user authorization.
Because this is the first time the UDF has been invoked in the session, no secure server process has been set up.
- Checks the user name and password.
- Creates the secure server process and the UDF executes.
If this is not the first time the UDF has been executed for the session, the following series of events occurs:
- The UDF secure server setup logic reads the authorization and determines that there is already a secure server process set up with that authorization.
- The UDF is executed using the existing secure server.
If the maximum number of secure servers has been created and a new request comes in for a given authorization for which there is no established secure server, the following series of events occurs:
- The UDF secure server logic attempts to find a secure server with the given authorization. It does not find one and determines that the maximum number of secures servers has already been set up.
- The authorization is not set up, so the process validates the OS user by making a validation check on the user name and password.
If the logon attempt using the provided authorization information fails, the system returns an error to the session.
- The UDF secure server logic finds the least used secure server process and terminates it.
- The new secure server process is created and the UDF is executed.