About Security Settings - Teradata Data Mover

Teradata Data Mover User Guide

Product: Teradata Data Mover
Release Number: 16.10
Published: June 2017
Language: English (United States)
Last Update: 2018-03-29
dita:id: B035-4101
Product Category: Analytical Ecosystem
When the security management framework is enabled, the following rules apply:
  • The super user (dmcl_admin) can run any command.
  • A user who has write or execute permission implicitly has read permission also. This applies to both daemon and job level permissions.
  • A user who creates a job is the job owner and automatically has job level read, write, and execution permissions for the job.
  • The job level read, write, and execute permissions are applied at the base job name only. For commands that have the job execution name in the <job_name> parameter, the job level permission is checked against the execution's base job name.
  • When a regular Viewpoint user runs the create command to create a job, the owner_name field in the SecurityType object is replaced in the create job request to represent the user authentication result. This occurs whenever the request user name is not the super user (dmcl_admin), regardless of the daemon security setting. The Data Mover daemon processes the create command and records the owner name and other user and role permission information. For the super user (dmcl_admin), the owner_name is not changed. This allows the super user to run the create job command with any user credential provided in the original job request.
  • When daemon security is enabled, users' global modification permissions are verified when they run the create command. This includes such properties as allow_arc, allow_tptapi_load, allow_tptapi_update, allow_tptapi_stream, and number_data_stream. If a user does not have the proper modification permission, the create request fails.
  • When daemon security is enabled, users' global modification permissions are verified for update_job_steps and update_job_priorities. If a user does not have the proper modification permission, a security exception will occur.
  • A user can update job permissions by running the start command with dynamic parameters, or by using the edit_job command. When daemon security is enabled, a user must be the super user (dmcl_admin), the Viewpoint Administrator with write permissions, or the job owner to update job permissions; otherwise, a security exception will occur.
  • When security is enabled, only the super user (dmcl_admin) or a Viewpoint Administrator with write permission can use the start or edit_job command to change the job owner.
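
The rules above, with security enabled, can be modeled as a small set of authorization checks. This is an added illustration, not Teradata code: the class and function names, the sample users and job, and the execution-name-to-base-job mapping are all assumptions made for the example.

```python
from dataclasses import dataclass, field

SUPER_USER = "dmcl_admin"  # super user named on the page

@dataclass
class User:
    name: str
    vp_admin_write: bool = False  # Viewpoint Administrator with write permission

@dataclass
class Job:
    base_name: str
    owner: str
    perms: dict = field(default_factory=dict)  # user name -> job-level permissions

def effective(perms):
    """Write or execute implicitly grants read."""
    perms = set(perms)
    return perms | {"read"} if perms & {"write", "execute"} else perms

def resolve_owner(request_user, requested_owner):
    """create: owner_name follows the authenticated user unless the super user sent the request."""
    return requested_owner if request_user == SUPER_USER else request_user

def can_access(user, job_name, needed, jobs, executions):
    """Job-level check, always made against the base job name."""
    job = jobs[executions.get(job_name, job_name)]  # execution name -> base job
    if user.name in (SUPER_USER, job.owner):
        return True  # super user runs anything; owner has read, write and execute
    return needed in effective(job.perms.get(user.name, ()))

def can_update_permissions(user, job):
    """Super user, job owner, or Viewpoint Administrator with write permission."""
    return user.name in (SUPER_USER, job.owner) or user.vp_admin_write

def can_change_owner(user):
    """Being the job owner is not sufficient to change the owner."""
    return user.name == SUPER_USER or user.vp_admin_write

# Constructed sample data; the names and the execution-name mapping are illustrative.
JOBS = {"nightly_copy": Job("nightly_copy", resolve_owner("alice", "bob"),
                            {"carol": {"execute"}})}
EXECUTIONS = {"nightly_copy-run1": "nightly_copy"}
```
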