Example: Security Constraint Hierarchical Rules - Advanced SQL Engine

Example: Security Constraint Hierarchical Rules - Advanced SQL Engine - Teradata Database

SQL External Routine Programming

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

July 2021

Language

English (United States)

Last Update

2021-07-27

dita:mapPath

rin1593638965306.ditamap

dita:ditavalPath

rin1593638965306.ditaval

dita:id

B035-1147

lifecycle

Product Category

Teradata Vantage™

Operation	Example Rule
INSERT	The current session must have a security label valid for the security constraint. The session label is entered as the constraint column value for the new row. Purpose: Allows any user with table level insert privileges to insert a new row. Assumes that the user security level is appropriate for the new data.
SELECT	The session security label must equal or exceed the row label or the operation fails. Purpose: Only users classified equal to or higher than a row can read row data.
UPDATE	The session security label must equal or exceed the row label or the operation fails. If the operation is allowed, the updated row uses the session security label for the constraint column value. Purpose: Restricts access to equivalent/higher level users. The row is automatically reclassified to the user level in case the user adds data with a higher classification.
DELETE	The row cannot be deleted unless the constraint column value is at the lowest security level. Purpose:Ensures that a row is reviewed and declassified before it can be deleted.