Preventing Unauthorized Use of Query Banding by Proxy Users - Advanced SQL Engine - Teradata Database

SQL Data Definition Language Syntax and Examples

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
Published
January 2021
Language
English (United States)
Last Update
2021-01-22
dita:mapPath
ncd1596241368722.ditamap
dita:ditavalPath
hoy1596145193032.ditaval
dita:id
B035-1144
lifecycle
previous
Product Category
Teradata Vantage™

If no restrictions are imposed, a proxy user could use a SET QUERY_BAND statement to change the proxy user for the session and possibly make unauthorized access to the database. However, use the GRANT CONNECT THROUGH statement and the WITH TRUST ONLY clause to instruct the database to honor SET QUERY_BAND statements that set or update a proxy user only if they are part of a trusted request. You also must program the application trusted user to flag each request as trusted or not trusted to prevent unauthorized use of SET QUERY_BAND to change of the proxy user for a trusted session.