Dictionary Storage of CONNECT THROUGH Metadata - Teradata Vantage

Teradata® VantageCloud Lake
Deployment
VantageCloud
Edition
Lake
Product
Teradata Vantage
Published
January 2023
ft:locale
en-US
ft:lastEdition
2024-12-11
dita:mapPath
phg1621910019905.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
phg1621910019905

The dictionary table DBC.ConnectRulesTbl contains information on which proxy users can connect through which trusted users and what roles are available to make proxy connections. The table contains one row for every trusted_user_name:proxy_user_name combination.

When processing a GRANT CONNECT THROUGH request, the system writes a row to DBC.ConnectRulesTbl for each of the following pairs that you specify:
  • Trusted user name:permanent user name
  • Trusted user name:application user name

The row persists until either you drop the trusted user or the permanent user.

When you grant WITH TRUST_ONLY to a trusted user, Vantage adds a row to DBC.ConnectRulesTbl that contains the following information:
  • TrustUserId
  • ProxyUser=space_characters
  • TrustOnly=Y

Vantage also updates all rows in DBC.ConnectRulesTbl with the value for TrustUserId=specified_TrustUserID to set TrustOnly=Y.

When you revoke WITH TRUST_ONLY from a trusted user, Vantage updates all rows in DBC.ConnectRulesTbl where TrustUserId=specified_TrustUserID to set TrustOnly=N.

To provide an audit trail for the management of the rules, Vantage retains the row if the privilege is revoked, but does not drop the user.

The following list indicates the values for DBC.ConnectRulesTbl.GrantStatus when the TRUST_ONLY privilege is granted to a trusted user or not:
  • If DBC.ConnectRulesTbl.GrantStatus is set to G, then the TRUST_ONLY privilege is granted to trusted_user.
  • If DBC.ConnectRulesTbl.GrantStatus is set to R, then TRUST_ONLY privilege is revoked from trusted_user.