17.10 - Security Administrator Responsibilities - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update
  • Work with the database administrator to review site security requirements and evaluate the Teradata Vantage security features that support those requirements.
  • Review the options for managing system user authentication and authorization, and select a strategy, based on site security policy.
  • Develop a security policy based on how the site uses Teradata Vantage capabilities to meet security needs. Distribute the policy to administrators.
  • Set up and manage the TDGSS configuration files to support the user authentication and authorization strategy.
  • Create and maintain Vantage users, roles, profiles and security constraints.
    Although the security administrator creates these objects, the database administrator has knowledge of user needs and the required privileges on Vantage objects, and is also responsible for determining and managing user privileges.
  • Coordinate with the database administrator and directory administrator to set up optional directory management of Vantage users, including provisioning users in the directory, configuring associated mechanism properties, and setting up binding, protection, and user identification options.
  • Manage user logon permissions and password controls.
  • Set up optional access restrictions by IP address.
  • Set up Vantage access logging and monitor the output for security violations.
  • Create a set of site security procedures and distribute them to users.
  • Take action to repel security threats, including revising user privileges, revoking logons, and dropping users. The security administrator should only take enforcement actions with the knowledge and participation of the database administrator.

For information on creating the security administrator and granting user privileges sufficient to carry out these responsibilities, see Creating the Security Administrator User.