Granting CONNECT THROUGH privilege to a Permanent User
The following GRANT CONNECT THROUGH request grants the CONNECT THROUGH privilege to permanent user sbd with the assigned proxy connection role admin through trusted user trusted_app.
GRANT CONNECT THROUGH trusted_app TO PERMANENT sbd WITH ROLE admin;
After this request has been successfully submitted, user sbd has proxy connect privileges through the trusted user called trusted_app, and whenever sbd makes a proxy connection, the system assigns him to the admin role.
Specifying Roles for a Proxy Connection
All roles specified in the WITH ROLE clause of this example are active by default in the proxy connection.
If no ProxyRole is set for application user dg120 in the proxy connection, the active roles are salesrole1, salesrole2, and salesrole3.
The proxy connection can be set to one role that is in the WITH ROLE clause. For example, the ProxyRole for application user dg120 can be set to salesrole1, salesrole2, or salesrole3, but no other roles are permitted.
GRANT CONNECT THROUGH dcm TO dg120, ks392, lm190 WITH ROLE salesrole1, salesrole2, salesrole3;
Specifying WITHOUT ROLE for a Proxy Connection
When you set a WITHOUT ROLE clause for a permanent proxy user, as the following request demonstrates, the system uses the privileges and roles granted to that permanent user, and the default proxy role is the default role defined for the proxy permanent user.
The roles that can be set for the proxy user are restricted to the roles granted to the proxy permanent user.
GRANT CONNECT THROUGH trm TO PERMANENT accting WITHOUT ROLE;
Specifying the WITH TRUST_ONLY Option
The WITH TRUST_ONLY option restricts a middle tier application from submitting SET QUERY_BAND requests that set, change, or remove a PROXYUSER or PROXYROLE for the case where a trusted request is required.
The following request restricts trusted user_name from submitting SET QUERY_BAND requests from a middle tier application unless the application sets the Trusted field in the Options parcel to Y, which indicates that the request is trusted.
See Teradata® Call-Level Interface Version 2 Reference for Mainframe-Attached Systems, B035-2417 or Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems, B035-2418 for details about the Options parcel.
This assumes that the middle tier application uses the CLIv2 API. See the appropriate Teradata Tools and Utilities manual for your application to determine the mechanism for specifying this information for that API.
GRANT CONNECT THROUGH user_name WITH TRUST_ONLY;
If the application does not set the Trusted field in the Options parcel to Y, the system aborts any SET QUERY_BAND request that user_name submits.