For trusted sessions, the application is set up as a trusted user with an associated set of proxy users. For details about setting up trusted users and proxy users, see Security Administration, B035-1100.
In a trusted session, query banding is required to identify the end user, and can also be used to define user privileges beyond those available to the application user.
The following reserved query bands can be used only in trusted sessions.
|ProxyRole||Defines the role to be used within the trusted session.
The valid value is the name of a role that has been granted to the proxy user.
Proxy roles only apply to application end users that are not also permanent database users. Proxy users who are also permanent database users inherit the permanent user privileges.
|ProxyUser||Sets a trusted session to the identity of the proxy user.
The valid value is the name of a proxy user that has been granted the CONNECT THROUGH privilege on the currently logged on user.
See SQL Data Control Language, B035-1149 for the syntax and rules for using GRANT CONNECT THROUGH requests.
For a sample SET QUERY_BAND statement, see the examples beginning with Example: Making a Proxy User Connection.
Also see “Trusted Sessions” in the Teradata Orange Book, Using Querybanding in the Teradata Database.