17.10 - tdspolicy for a Directory Principal Mapped to a Teradata Vantage User - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

If a directory principal is mapped to a Teradata user object, specify the -u as the name of the database user.

$ tdspolicy -u perm01 –p profile01 –s local –i
Querying policy using the following parameters:

       Teradata user: perm01
    Teradata profile: profile01
          IP address:

          Mechanisms: td2, ldap
Confidentiality QoPs: high
      Integrity QoPs: low
             Options: no-direct-connect


  • The directory principal (-u) can use only the TD2 or LDAP mechanism to log on.
    Profile01, which is mapped to the directory principal, applies only for LDAP logons. Profile-based policy does not apply to TD2 sessions.
  • The system automatically uses the high confidentiality QOP (which supersedes the low integrity QOP) for all user message transmissions.
  • The directory principal cannot connect directly to the database from the network, but must log on through a Unity tdpid or a mainframe connection.