16.20 - Query Banding for Trusted Sessions - Teradata Database - Teradata Vantage NewSQL Engine

Teradata Vantage™ SQL Data Definition Language Syntax and Examples

Product
Teradata Database
Teradata Vantage NewSQL Engine
Release Number
16.20
Published
March 2019
Language
English (United States)
Last Update
2019-05-24
dita:mapPath
wkf1512081455740.ditamap
dita:ditavalPath
TD_DBS_16_20_Update1.ditaval

For trusted sessions, the application is set up as a trusted user with an associated set of proxy users. For details about setting up trusted users and proxy users, see Teradata Vantage™ NewSQL Engine Security Administration, B035-1100.

In a trusted session, query banding is required to identify the end user, and can also be used to define user privileges beyond those available to the application user.

The following reserved query bands can be used only in trusted sessions.

Name Description
ProxyRole Defines the role to be used within the trusted session.

The valid value is the name of a role that has been granted to the proxy user.

Proxy roles only apply to application end users that are not also permanent database users. Proxy users who are also permanent database users inherit the permanent user privileges.
ProxyUser Sets a trusted session to the identity of the proxy user.

The valid value is the name of a proxy user that has been granted the CONNECT THROUGH privilege on the currently logged on user.

See Teradata Vantage™ SQL Data Control Language, B035-1149 for the syntax and rules for using GRANT CONNECT THROUGH requests.

For a sample SET QUERY_BAND statement, see the examples beginning with Example: Making a Proxy User Connection.

Also see “Trusted Sessions” in the Teradata Orange Book, Using Querybanding in the Teradata Database.