Before creating the authorization object Advanced SQL Engine must have permission from the external object store to access the data. The credentials are configured on the object store that you want to access. For example, to access an Amazon S3 bucket an Access Key ID or an AWS Identity and Access Management (IAM) user credential is required, depending on your external object store. See Authentication for External Object Stores for required credentials for the external object stores.
Once your external storage allows Advanced SQL Engine to access it, set up an authorization object with the credentials for your external object store.
- If not already done, log on to Advanced SQL Engine as an administrative user who can grant others privileges.
- Grant the appropriate privileges to the user.To create an authorization object, the user needs the following privileges:
- CREATE AUTHORIZATION
- Log off as the administrative user.
- To run NOS-related commands, log on to the database as a user with the required privileges.
- Create an authorization object in Advanced SQL Engine with the credentials to your external object store.Create the authorization object in the same database as the foreign table that uses it.
CREATE AUTHORIZATION authorization_object USER 'YOUR-ACCESS-KEY-ID' PASSWORD 'YOUR-SECRET-ACCESS-KEY';
See Variable Substitutions for Examples.
For example, the Teradata-supplied public object store has an empty string for USER and PASSWORD. To create an authorization object for the public object store, run:
CREATE AUTHORIZATION MyAuthObj USER '' PASSWORD '';
- View the definition of the authorization object. For example:
SHOW AUTHORIZATION NOS_USR.MyAuthObj;
Note, the password is not returned in the result.
Prerequisites
Create the Authorization Object