Usage Notes - Advanced SQL Engine - Teradata Database

Data Dictionary

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
Published
January 2021
Language
English (United States)
Last Update
2021-01-22
dita:mapPath
prb1610499325399.ditamap
dita:ditavalPath
hoy1596145193032.ditaval
dita:id
B035-1092
lifecycle
previous
Product Category
Teradata Vantage™

The underlying table of this view is populated only if the DBC.AccLogRule security macro is installed and the DBA or security administrator has executed one or more BEGIN LOGGING statements. For more information about this security macro, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

To install the DBC.AccLogRule security macro, you must manually run the DIP script, DIPACC. For more information about the DIPACC script, see Teradata Vantage™ - Database Utilities , B035-1102 .

Each row in the underlying table defines a rule controlling what privilege check is to be logged when a specific user attempts to access a specific object.

When a request is submitted that involves any of the rule criteria, the details of the involvement are recorded in the access log.

In AccLogRulesV, each Access Rule (Acr...) column is named for a particular privilege, which is also associated with an access action and a SQL statement. In each column, each character position represents the frequency with which checks performed on that privilege are to be logged, as follows:

  1. Position 1 (every privilege check) indicates how often to log checks on this privilege when performed against any requests (submitted by a specified user) that attempt to access the specified object. Possible values that could appear in each position are as follows:

    B = Both FIRST and LAST occurrences are to be logged.

    E = Each occurrence is to be logged.

    F = FIRST occurrence is to be logged.

    L = LAST occurrence is to be logged.

    Blank = No logging.

  2. Position 2 indicates how often to log checks on this privilege when performed against requests (submitted by a specified user) that are not allowed to access the specified object (that is, check results are Denials).

    B = Both FIRST and LAST occurrences are to be logged.

    E = Each occurrence is to be logged.

    F = FIRST occurrence is to be logged.

    L= LAST occurrence is to be logged.

    Blank = No logging.

  3. Position 3 (save text of request) indicates whether to record the text of the requests that cause a check on this privilege.

    - = Save text only for Denial entries.

    + = Save text for all entries.

    = = Save text for all entries (specified in multiple BEGIN LOGGING statements).

    Blank = No WITH TEXT option specified.

Referenced Columns

Many of the Data Dictionary view columns have referenced table columns. That is, the value in the view column corresponds to a value in the selected column referenced in the table. It would be meaningful to join the view and the referenced table based on the selected column and the referenced column.

Referenced columns for this view are:

View Column Referenced Column
UserName Dbase.DatabaseName
DatabaseName Dbase.DatabaseName
TVMName TVM.TVMName
ConstraintName SecConstraints.ConstraintName