15.10 - CONSTRAINT - Teradata Database

Teradata Database SQL Data Definition Language Syntax and Examples

prodname
Teradata Database
vrm_release
15.10
created_date
December 2015
category
Programming Reference
featnum
B035-1144-151K

There is a limit of 6 hierarchical constraints and 2 non-hierarchical constraints that can be assigned per profile.

If the constraint is already assigned to the user, the level or category names you specify for the constraint replace all existing specifications.

Changes take effect at the next user logon after the user definition is modified.

For more information about row-level security constraints, see CREATE CONSTRAINT.

row_level_security_constraint_name
Name of an existing row-level security constraint followed by the list of the hierarchical levels or non-hierarchical categories, valid for the constraint, which are being assigned to the user_name.
level_name
List of the hierarchical levels.
category_name
List of non-hierarchical categories
DEFAULT
DEFAULT can be specified for 1 classification level from the specified list of levels for a hierarchical constraint. The specified level becomes the default value for the constraint when a session is established for the user to which the profile is assigned.
If you do not specify DEFAULT for any of the listed classification levels, then the first level listed becomes the default for the profile.
DEFAULT is not valid for non-hierarchical constraints.
NULL
If you specify NULL for a constraint previously assigned to the user, the constraint is dropped from the user definition.

Example: Adding or Dropping Security Constraint Assignments in a MODIFY USER Statement

You can change security constraint assignments for a user in a MODIFY USER statement. When you specify a security constraint that is:

  • Not currently assigned to the user, the constraint is added to any existing constraints.
  • Already assigned to the user, the new specifications replace the existing specifications.
  • Already assigned to the user, followed by the keyword NULL, the constraint assignment is dropped from the user.

For example:

MODIFY USER
   Joe_Smith AS
   CONSTRAINT = Classification_Level
 (TopSecret, Unclassified DEFAULT),
   CONSTRAINT = Classification_Country (NULL)
   CONSTRAINT = Classification_Job (Analyst) ;

where:

Syntax Element Description
Classification_Level(TopSecret, Unclassified DEFAULT) Raises the user classification level by replacing a previously assigned Secret clearance with TopSecret, while retaining the DEFAULT Unclassified level.
Classification_Country (NULL) Drops the Classification_Country constraint assignment that was previously assigned to the user.
Classification_Job (Analyst) Adds the new hierarchical category Classification_Job, and assigns the Analyst classification level.
A new or changed security constraint assignment takes effect at the next user logon.