16.20 - Example: Security Constraint Non-Hierarchical Rules - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - SQL External Routine Programming

Product
Advanced SQL Engine
Teradata Database
Release Number
16.20
Release Date
April 2020
Content Type
Programming Reference
Publication ID
B035-1147-162K
Language
English (United States)
Operation Example Rule
INSERT The current session must have a security label (1 or more compartments). All compartments in the session label are entered as the row constraint column value.

Purpose: Forces predictable row classification based on the user label.

SELECT The session security label must include all the compartments in the row label or the operation fails.

Purpose: If a row is classified with several compartments, ensures that the accessing user is a member of all compartments.

UPDATE The row label must include all the compartments contained in the session label.

Purpose: Prevents the user from inadvertently adding classifications to the row.

DELETE The row can be deleted only if the constraint column value is NULL.

Purpose:Ensures that a row is reviewed and declassified before it can be deleted.

You must have OVERRIDE UPDATE privileges to reclassify a row as NULL, so that it can be deleted.