16.20 - Usage Notes - Teradata Database - Teradata Vantage NewSQL Engine

Teradata Vantage™ Data Dictionary

Product
Teradata Database
Teradata Vantage NewSQL Engine
Release Number
16.20
Published
March 2019
Language
English (United States)
Last Update
2019-05-03
dita:mapPath
zzu1512081120577.ditamap
dita:ditavalPath
TD_DBS_16_20_Update1.ditaval

The underlying table of this view is populated only if the DBC.AccLogRule security macro is installed and the Teradata Database or security administrator has executed one or more BEGIN LOGGING statements. For more information about this security macro, see Teradata® Vantage NewSQL Engine Security Administration, B035-1100.

To install the DBC.AccLogRule security macro, you must manually run the DIP script, DIPACC. For more information about the DIPACC script, see Teradata® Vantage - Database Utilities, B035-1102.

Each row in the underlying table defines a rule controlling what privilege check is to be logged when a specific user attempts to access a specific object.

When a request is submitted that involves any of the rule criteria, the details of the involvement are recorded in the access log.

In AccLogRulesV, each Access Rule (Acr...) column is named for a particular privilege, which is also associated with an access action and a SQL statement. In each column, each character position represents the frequency with which checks performed on that privilege are to be logged, as follows:

  1. Position 1 (every privilege check) indicates how often to log checks on this privilege when performed against any requests (submitted by a specified user) that attempt to access the specified object. Possible values that could appear in each position are as follows:

    B = Both FIRST and LAST occurrences are to be logged.

    E = Each occurrence is to be logged.

    F = FIRST occurrence is to be logged.

    L = LAST occurrence is to be logged.

    Blank = No logging.

  2. Position 2 indicates how often to log checks on this privilege when performed against requests (submitted by a specified user) that are not allowed to access the specified object (that is, check results are Denials).

    B = Both FIRST and LAST occurrences are to be logged.

    E = Each occurrence is to be logged.

    F = FIRST occurrence is to be logged.

    L= LAST occurrence is to be logged.

    Blank = No logging.

  3. Position 3 (save text of request) indicates whether to record the text of the requests that cause a check on this privilege.

    - = Save text only for Denial entries.

    + = Save text for all entries.

    = = Save text for all entries (specified in multiple BEGIN LOGGING statements).

    Blank = No WITH TEXT option specified.

Referenced Columns

Many of the Data Dictionary view columns have referenced table columns. That is, the value in the view column corresponds to a value in the selected column referenced in the table. It would be meaningful to join the view and the referenced table based on the selected column and the referenced column.

Referenced columns for this view are:

View Column Referenced Column
UserName Dbase.DatabaseName
DatabaseName Dbase.DatabaseName
TVMName TVM.TVMName
ConstraintName SecConstraints.ConstraintName