Keywords introducing the external security clause.
This clause is recommended for UDFs that perform operating system I/O operations because it permits you to specify a particular OS user under whom the function runs. Otherwise, a protected mode UDF runs under the generic user tdatuser.
Also see CREATE AUTHORIZATION and REPLACE AUTHORIZATION.
- DEFINER
- The UDF runs in the client user context of the associated security authorization object created for this purpose, which is contained within the same database as the procedure.
-
- If you specify an authorization name, you must define an authorization object with that name before you can invoke the procedure.
- If you do not specify an authorization name, you must define a default DEFINER authorization object.
- The default authorization object must be defined before a user can run the procedure.
- Teradata Database reports a warning if the specified authorization name does not exist at the time the procedure is created, stating that no authorization name exists.
- If you then attempt to execute the procedure, the request aborts and the system returns an error to the requestor.
-
authorization_name
- An optional identifier for this DEFINER.
- For information about naming database objects, see
Teradata Vantage™ SQL Fundamentals, B035-1141.
- See CREATE AUTHORIZATION and REPLACE AUTHORIZATION.
- INVOKER
- The function runs using the INVOKER authorization associated with the logged on user who is running the function.
- See CREATE AUTHORIZATION and REPLACE AUTHORIZATION.