Logging On Using External Authentication | GRANT LOGON | VantageCloud Lake

Teradata® VantageCloud Lake

Deployment: VantageCloud
Edition: Lake
Product: Teradata Vantage
Published: January 2023
Last edition: 2024-12-11

External authentication permits a user to log on to a computer one time and access a database without providing a user name, password, or account name. To enable this, you must explicitly map any directory users who are not already mapped to Vantage users in the directory. If you do not create an explicit mapping between an unmapped user and Vantage, that directory user cannot log on to Vantage.

You can explicitly map a directory user to the following objects:
  • EXTUSER.

    Mapping to EXTUSER is the most commonly used method.

    You cannot assign row-level security privileges to EXTUSER.

    If the AuthorizationSupported property is set to yes in the TdgssUserConfigFile.xml file, and a user attempts to log on to the database, the user is authenticated by the directory. If auto provisioning is turned on, then the user is not logged on as EXTUSER. Instead, the database creates an account for the user in DBC.Dbase and logs the user on using that account. Auto provisioned users are not permanent users and must authenticate against the directory.
  • A Profile.
  • A Role.
  • A Teradata user.

Another way to enable external authentication is to grant the user logon privileges with a null password.

The following procedure creates a Vantage user who can log on to a Teradata system through a gateway that has Append Domain Name set. This user is already defined as user rhh and her account is in the esw2kdev domain.

  1. Create user rhh using the following CREATE USER request:
    CREATE USER "rhh@esw2kdev" AS
     PERM = 10000000,
     PASSWORD = rhh;
  2. Grant user rhh the following logon privileges using a GRANT LOGON request:
    GRANT LOGON ON ALL
     TO "rhh@esw2kdev"
     WITH NULL PASSWORD;
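
To review which accounts can log on without a database password after a grant like the one above, an administrator can query the logon rules. This is an added example, not part of the Teradata documentation; it assumes the data dictionary view DBC.LogonRulesV and its UserName, LogicalHostId, LogonStatus, NullPassword, CreatorName and CreateTimeStamp columns are readable on your system.

```sql
-- Added example: list logon rules that permit logon with a null password.
-- Assumption: DBC.LogonRulesV encodes LogonStatus as 'G' (granted) or
-- 'R' (revoked) and NullPassword as 'T' or 'F'. Verify these encodings
-- against the data dictionary reference for your release.
SELECT
    UserName,
    LogicalHostId,
    LogonStatus,
    NullPassword,
    CreatorName,
    CreateTimeStamp
FROM DBC.LogonRulesV
WHERE NullPassword = 'T'
  AND LogonStatus = 'G'
ORDER BY CreateTimeStamp DESC;

-- Narrow the check to the user created in the procedure above.
SELECT
    UserName,
    LogicalHostId,
    CreatorName,
    CreateTimeStamp
FROM DBC.LogonRulesV
WHERE UserName = 'rhh@esw2kdev'
  AND NullPassword = 'T';
```

Each row returned should correspond to a directory user you deliberately mapped; a rule whose creator or timestamp you cannot account for is worth investigating.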