Database User Implementation Process | Teradata Vantage - Directory Database User Implementation Process - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update
Product Category
Teradata Vantage
  1. Evaluate the system for directory management of Teradata Vantage users. See Evaluating the System for Directory Management of Users.
    • Make sure your directory is compatible with Vantage.
    • Run tests to ensure that the directory properly communicates with the database.
  2. Determine the directory authentication/authorization strategy and learn the configuration requirements. See Working with Directory User Management Options.
    Enable directory authentication/authorization as shown in the topics about setting up the options that you want to implement.
  3. Review directory user characteristics, privileges, and required directory setup tasks. See Directory User Characteristics.
  4. In the database, create profiles and external roles for assignment to directory users. See Creating Users and Granting Privileges.
  5. Provision directory users using either of these procedures.
  6. If they do not already exist in the directory, create database objects for roles and profiles. For auto provisioning create directory roles based on the external roles in the database. Assign directory principals to roles or profiles.
    Skip this step if you are using lightweight LDAP authorizations. For lightweight LDAP authorizations you do not need to create database objects for users, roles, and profiles in the directory (in the tdatSystem).
  7. Test the setup. See Testing Directory Authentication and Authorization Setup.
  8. Evaluate, and if necessary configure, LDAP binding and protection options. See:
    1. LDAP Binding Options.
    2. Using TLS with a Directory Server.
  9. Evaluate, and if necessary, configure directory search options. See Optimizing Directory Searches.
  10. If multiple directory services access Teradata Vantage, evaluate the need to complete special setup procedures. See:
  11. In a multi-system environment, where users log on through Unity, observe the additional directory configuration requirements needed for Unity. For information about Unity, see Teradata® Unity™ Installation, Configuration, and Upgrade Guide for Customers, B035-2523 and Teradata® Unity™ User Guide, B035-2520.
    Teradata recommends that you implement and test LDAP authentication and authorization of users for individual database systems before attempting to configure it for Unity.
  12. Evaluate, and if necessary configure, network security policies in the directory. See Network Security Policy.