15.10 - EXTERNAL SECURITY - Teradata Database

Teradata Database SQL Data Definition Language Syntax and Examples

prodname
Teradata Database
vrm_release
15.10
created_date
December 2015
category
Programming Reference
featnum
B035-1144-151K

Keywords introducing the external security clause.

This clause is recommended for procedures that perform operating system I/O operations because it permits you to specify a particular OS user under whom the function runs. Otherwise, a protected mode procedure runs under the generic user tdatuser.

Also see CREATE AUTHORIZATION and REPLACE AUTHORIZATION.

DEFINER
The UDF runs in the client user context of the associated security authorization object created for this purpose, which is contained within the same database as the procedure.
  • If you specify an authorization name, you must define an authorization object with that name before you can invoke the procedure.
  • If you do not specify an authorization name, you must define a default DEFINER authorization object.
The default authorization object must be defined before a user can run the procedure.
Teradata Database reports a warning if the specified authorization name does not exist at the time the procedure is created, stating that no authorization name exists.
If you then attempt to execute the procedure, the request aborts and the system returns an error to the requestor.
authorization_name
An optional authorization name for this DEFINER as defined by CREATE AUTHORIZATION.
INVOKER
The procedure runs using the INVOKER authorization associated with the logged on user who is running the function.