Assigning Security Constraints in a CREATE USER Statement - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-02-29
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

Use the CREATE USER statement to assign security constraints to a new user. For example:

CREATE USER
   Joe_Smith AS PERM = 1e6, PASSWORD=JoePassword,
   CONSTRAINT = Classification_Level (Secret, Unclassified DEFAULT),
   CONSTRAINT = Classification_Country (US, UK, GER);

where:

Syntax Element Description
Classification_Level (Secret, Unclassified DEFAULT) Names a hierarchical security CONSTRAINT object and assigns the applicable name:value pairs (levels) according to user needs. In this example the user has two classification levels:
  • The Unclassified level (default), allows the user to INSERT new rows without automatically classifying them as secret.
  • The user can also use SET SESSION CONSTRAINT to assume the Secret level, to read highly classified rows.
Classification_Country (US, UK, GER) Names a non-hierarchical security CONSTRAINT object and assigns the applicable name:value pairs (compartments) to the user. In this example the user is from the US, but also coordinates operations with the UK and Germany.
A new or changed security constraint assignment takes effect at the next user logon.