An authorization object specifies the user context to use when running an external routine that performs operating system I/O operations.
Authorization objects associate a user with an OS platform user ID. With an OS platform user ID, a user can log on to a database node as a native operating system user and run external routines that perform OS-level I/O operations.
- A user who must run external routines that contain an INVOKER security clause.
- A user who must be the definer of any external routine modules that contain the DEFINER external clause.
Unless the appropriate authorization objects have been created, no external routine containing an EXTERNAL SECURITY clause can run.
When you submit a CREATE AUTHORIZATION statement, the system validates the values for the specified user variables. If the specified user object has not yet been created on all database nodes or if any of the other information you specified is not correct, the statement returns an error message to the requestor.
The system permits only three failed attempts to create an authorization object. After three failed attempts, the system returns an appropriate error message to the requestor.
To try again, you must first log off the system and then log back on. The DBA can also activate access logging on CREATE AUTHORIZATION to track suspicious attempts to run it. See BEGIN LOGGING.