Assess database user needs and develop a user management strategy before you begin executing user management setup tasks.
- Create a list of all users that require access to Teradata Database and identify each one according to user type. Minimize the number of user types to simplify user management.
- Examine user space requirements:
- Users that create or own databases, tables and other space-consuming objects require permanent storage space (perm space).
- Users that execute SQL queries, macros, or stored procedures require spool space to contain the required temporary database structures. The spool specification in a profile limits the amount of available space a profile member can use.
- Define requirements for one or more account strings. Each profile can include
one or more accounts. Each account can specify:
- Request priority. This classification is in effect only when TASM or TIWM classification processes cannot match the request to a user-defined workload.
- A four-character account identifier based on department, group, or function.
- A date and time stamp/
- Define the user default database, that is, the database where the user most often works.
- Define password control parameters. Refer to the chapters on password controls and managing passwords in Security Administration. Consider your site security policy and decide whether or not all users can share global password parameters, or if you need to set them by user group, in profiles.
- Review the database objects (such as views, tables, macros, functions, and procedures) that users or user groups must access to do their job. Always define database privileges at the highest level that is appropriate for a particular user. For example, if a user requires the same privileges on all views in a database, assign privileges at the database level.
- Identify groups of users with common database privilege requirements and create roles to define the privileges for each group. Consolidate minor differences in access requirement where possible to minimize the number of roles.
- You may need to assign specialized privileges directly to individual users.