In a Trusted Session, security permissions for another user having access rights in the Teradata Database are applied to queries. A Trusted Session is defined using Query Banding. In general, query banding allows you to associate key-value pairs with queries, which enables job prioritization for BI client users connecting to a Teradata Database. The ProxyUser and ProxyRole keys are used to set up a trusted session.
When initiating a session, the Teradata OLAP Connector and Teradata OLAP Server always attempt to set up a trusted session using credentials provided in the DSN or during the logon process. If permissions for credentials specified in the DSN or logon process are not defined in the Teradata Database, then queries for the session are executed using the permissions defined for the MDX Service Account. See Setting Up an MDX Service Account and OLAP Connection for further details on the MDX Service Account.
For more details on Trusted Sessions and Query Banding, see Security Administration (B035-1100).
The following excerpt from a Teradata OLAP Connector log file shows how the OLAP Connector attempts to set up a trusted session using the ProxyUser key, and then reverts to using the MDX Service Account:
<INFO> 2013/06/04 13:26:02.953 [[TBIUSER@]] [13088-13680] SQL: SET QUERY_BAND='UserId=TBIUSER;ApplicationName=Teradata OLAP Connector;Version=14.10.00.446;ProxyUser=TBIUSER;' FOR SESSION </INFO> Page 83 of 100 <ERROR> 2013/06/04 13:26:02.954 [[TBIUSER@]] [13088-13680] ExecuteDirect [Teradata][ODBC Teradata Driver][Teradata Database] Connect Through has not been granted to TBIUSER through TBISERVICE. SQL state = HY000, Native err = -9203 </ERROR> <INFO> 2013/06/04 13:26:02.954 [[TBIUSER@]] [13088-13680] SQL: SET QUERY_BAND='UserId=TBIUSER;ApplicationName=Teradata OLAP Connector;Version=14.10.00.446;' FOR SESSION </INFO>
Trusted Sessions are supported in Teradata Database version 13.0 or greater.