16.20 - EXTERNAL SECURITY - Teradata Database - Teradata Vantage NewSQL Engine

Keywords introducing the external security clause.

This clause is mandatory for external UDFs that perform operating system I/O operations.

If you do not specify an external security clause, but the UDF being defined performs OS I/O, then the results of that I/O are unpredictable. The most likely outcome is crashing the database, and perhaps crashing the entire system.

See CREATE AUTHORIZATION and REPLACE AUTHORIZATION for information about creating authorizations for external routines.

DEFINER

Specifies that the UDF runs in the client user context of the associated security authorization object created for this purpose, which is contained within the same database as the table function.

• If you specify an authorization name, you must define an authorization object with that name before you can invoke the table function.
• If you do not specify an authorization name, you must define a default DEFINER authorization object.

The default authorization object must be defined before a user can run the table function.

Teradata Database reports a warning if the specified authorization name does not exist at the time the UDF is created, stating that no authorization name exists.

If you then attempt to execute the table function, the request aborts and Teradata Database returns an error to the requestor.

authorization_name

Optional authorization name.

For information about naming database objects, see Teradata Vantage™ SQL Fundamentals, B035-1141.

The specified authorization object must already be defined or the system reports an error. For further information, see CREATE AUTHORIZATION and REPLACE AUTHORIZATION.

INVOKER

Specifies that the table function runs in the OS user context with the associated default authorization object that exists for this purpose.

See CREATE AUTHORIZATION and REPLACE AUTHORIZATION.