15.10 - Specification of Security Attributes - Parallel Transporter

Teradata Parallel Transporter User Guide

prodname
Parallel Transporter
vrm_release
15.10
category
User Guide
featnum
B035-2445-035K

Specification of Security Attributes

The following security-related attributes may be required for logons to Teradata Database depending on the user authentication method employed.

  • UserName
  • UserPassword
  • TdpId
  • LogonMech
  • LogonMechData
  • For information on how the attribute values vary with authentication method “Teradata Database Authentication” on page 77, and “External Authentication” on page 78.

    Specifying Security Attribute Values

    Values for the security attributes can be assigned in any the following statements, which are listed in the order they are processed, from lowest to highest priority.

  • DEFINE OPERATOR
  • in an APPLY statement, or SELECT clause of an APPLY statement
  • Note: Specifying an attribute value at a higher priority level (an APPLY statement) supersedes values for the attribute specified at a lower level (a DEFINE OPERATOR statement).

    Security Strategy

    Consider the following when deciding were to specify values for security attributes:

  • Operators can be more generally applied if they are not required to carry values for the security-related attributes, although these values can be overridden in APPLY statements
  • When processing sensitive information with Teradata PT, specifying the UserName and UserPassword values as job variables avoids problems that may occur if such logon information is kept in plain view in job scripts.
  • If a single user has the privileges necessary to run an entire job script, specify the UserName and UserPassword values as job variables rather than individually in the operators, other objects, or APPLY statements.
  • If privilege requirements vary greatly among instances of the same object, specify the UserName and UserPassword values in the APPLY statement.
  • Teradata PT jobs log on to either the Teradata Database, an outside data source, or both. Logon requirements differ between Teradata Database and outside data sources.

    When Accessing Non-Teradata Data Sources

    The following operators access non-Teradata data sources. However, since they logon through an access module, they do not require logon information.

  • DataConnector
  • FastLoad INMOD Adapter
  • FastExport OUTMOD Adapter
  • MultiLoad INMOD Adapter
  • For these operators, logon information must be entered as part of the access module or INMOD/OUTMOD routine through which the operator accesses the outside data source.

    Note: Although it also accesses outside data sources, the ODBC operator functions differently from other such operators, and allows the option of specifying the following in the job script:

  • UserName
  • UserPassword
  • For detailed information “ODBC Operator” in Teradata Parallel Transporter Reference.

    When Accessing a Teradata Database

    The following operators can directly access a Teradata Database and therefore require submission of more detailed logon information:

  • DDL
  • Export
  • Load
  • SQL Inserter
  • SQL Selector
  • Stream
  • Update