17.05 - Example: Changing the Row-Level Security Category for a Session - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - SQL Data Definition Language Syntax and Examples

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05
Release Date: January 2021
Content Type: Programming Reference
Publication ID: B035-1144-175K
Language: English (United States)

User arn_anderson logs on. The resulting session has a row-level security label consisting of an unclassified level and a nato category. As soon as the session is established, arn_anderson changes the category to norway.

     SET SESSION CONSTRAINT = classification_category (norway) ;

After the SET SESSION CONSTRAINT request executes, the session has a label of unclassified and norway.

Assume that later on, the session initiated by arn_anderson wants to read one of the 3 rows from inventory, so the user submits the following SELECT request.

     SELECT *
     FROM inventory
     WHERE col_1=12122;

The result of this request would be 0 rows and a value of ‘F’ returned, signifying that the user credentials failed security policy validation, so the constraint predicate added to the query evaluates to FALSE and the row is eliminated from the read.

Vantage does not return any rows for this request because the level of unclassified for arn_anderson does not allow him to read secret rows or because his category of norway does not allow him to read rows with a category of nato.
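
The following Python model is an added illustration, not Teradata code or part of the original manual. It shows how a level check and a category check, both ANDed into the query, produce the 0-row result described above. The comparison rules, the numeric level ranks, and the contents of inventory are assumptions constructed for the example.

```python
# Simplified model of row-level security read checks (added example).
# Assumed rules: a level check passes when the session level is at least the
# row level; a category check passes when the session holds every row category.
LEVELS = {"unclassified": 1, "classified": 2, "secret": 3}  # constructed ranks

# Constructed sample rows; the page does not list the contents of inventory.
INVENTORY = [
    {"col_1": 12122, "level": "secret", "categories": {"nato"}},
    {"col_1": 12123, "level": "unclassified", "categories": {"norway"}},
    {"col_1": 12124, "level": "unclassified", "categories": {"nato"}},
]

def read_level(session, row):
    """Return 'T' if the session level dominates the row level, else 'F'."""
    return "T" if LEVELS[session["level"]] >= LEVELS[row["level"]] else "F"

def read_category(session, row):
    """Return 'T' if the session holds every category on the row, else 'F'."""
    return "T" if row["categories"] <= session["categories"] else "F"

def set_session_constraint(session, category):
    """Model SET SESSION CONSTRAINT = classification_category (<category>)."""
    return {**session, "categories": {category}}  # replaces the old category

def checks(session, row):
    """Evaluate each constraint separately so the failing one is visible."""
    return {"level": read_level(session, row),
            "category": read_category(session, row)}

def select_where_col_1(session, value):
    """Model SELECT * FROM inventory WHERE col_1 = value, checks ANDed in."""
    return [r for r in INVENTORY
            if r["col_1"] == value
            and set(checks(session, r).values()) == {"T"}]

if __name__ == "__main__":
    logon = {"level": "unclassified", "categories": {"nato"}}
    session = set_session_constraint(logon, "norway")
    target = INVENTORY[0]
    print("at logon:  ", checks(logon, target))
    print("after SET: ", checks(session, target))
    print("rows read: ", select_where_col_1(session, 12122))
```

Under these assumed rules the level check fails both before and after the category change, so switching to norway cannot make the secret row readable; it only adds a second failing check.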