15.10 - AccLogRulesV - Teradata Database

Teradata Database Data Dictionary

Product
Teradata Database
Release Number
15.10
Content Type
Administration
User Guide
Publication ID
B035-1092-151K
Language
English (United States)

Security

DBC

 

View Column

Data Type

Format

Source Table.Column

UserName

VARCHAR(128)

UNICODE

NOT CASESPECIFIC

NOT NULL

X(128)

Dbase.DatabaseName

Note: This is a referenced column.

DatabaseName

VARCHAR(128)

UNICODE

NOT CASESPECIFIC

NOT NULL

X(128)

Dbase.DatabaseName

Note: This is a referenced column.

TVMName

VARCHAR(128)

UNICODE

NOT CASESPECIFIC

NOT NULL

X(128)

TVM.TVMName

Note: This is a referenced column.

ConstraintName

VARCHAR(128)

UNICODE

NOT NULL

X(128)

SecConstraints.ConstraintName

Note: This is a referenced column.

AcrAlterFunction

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrAlterFunction

AcrCheckPoint

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCheckpoint

AcrCreateDataBase

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateDataBase

AcrCreateFunction

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateFunction

AcrCreateMacro

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateMacro

AcrCreateTable

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateTable

AcrCreateUser

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateUser

AcrCreateView

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateView

AcrCreateProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateProcedure

AcrCreExtProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreExtProcedure

AcrDelete

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDelete

AcrDropDatabase

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropDatabase

AcrDropFunction

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropFunction

AcrDropMacro

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropMacro

AcrDropTable

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropTable

AcrDropUser

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropUser

AcrDropView

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropView

AcrDropProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropProcedure

AcrDump

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDump

AcrExecute

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrExecute

AcrExecuteFunction

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrExecuteFunction

AcrExecuteProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrExecuteProcedure

AcrGrant

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrGrant

AcrIndex

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrIndex

AcrInsert

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrInsert

AcrReference

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrReference

AcrRestore

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrRestore

AcrSelect

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrSelect

AcrUpdate

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrUpdate

AcrCreateTrigger

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateTrigger

AcrDropTrigger

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropTrigger

AcrCreateRole

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateRole

AcrDropRole

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropRole

AcrCreateProfile

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateProfile

AcrDropProfile

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropProfile

AcrAlterProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrAlterProcedure

AcrRepControl

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrRepControl

AcrAlterExtProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrAlterExtProcedure

AcrUDTUsage

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrUDTUsage

AcrUDTType

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrUDTType

AcrUDTMethod

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrUDTMethod

AcrCreAuthorization

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreAuthorization

AcrDropAuthorization

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropAuthorization

AcrStatistics

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrStatistics

AcrShow

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrShow

AcrCreOwnerProcedure

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreOwnerProcedure

AcrConnectThrough

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrConnectThrough

CreatorName

VARCHAR(128)

UNICODE

NOT CASESPECIFIC

NOT NULL

X(128)

Dbase.DatabaseName

CreateTimeStamp

TIMESTAMP(0)

YYYY-MM-DDBHH:MI:SS

AccLogRuleTbl.CreateTimeStamp

AcrCreateGLOP

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateGLOP

AcrDropGLOP

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(128)

AccLogRuleTbl.AcrDropGLOP

AcrGLOPMember

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(128)

AccLogRuleTbl.AcrGLOPMember

AcrConstrDef

CHAR(3)LATIN

X(3)

AccLogRuleTbl.AcrConstrDef

AcrConstrAsgn

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrConstrAsgn

AcrOverrideIns

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrOverrideIns

AcrOverrideSel

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrOverrideSel

AcrOverrideUpd

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl AcrOverrideUpd

AcrOverrideDel

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrOverrideDel

AcrOverrideDump

CHAR(3)LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrOverrideDump

AcrOverrideRestore

CHAR(3) LATIN

NOT NULL

X(3)

AccLogRuleTbl.AcrOverrideRestore

AcrCreateZone

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrCreateZone

AcrDropZone

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrDropZone

AcrZoneOverride

CHAR(3) LATIN

NOT CASESPECIFIC

NOT NULL

X(3)

AccLogRuleTbl.AcrZoneOverride

The underlying table of this view is populated only if the DBC.AccLogRule security macro is installed and the Teradata Database or security administrator has executed one or more BEGIN LOGGING statements. For more information about this security macro, see Security Administration.

To install the DBC.AccLogRule security macro, you must manually run the DIP script, DIPACC. For more information about the DIPACC script, see Utilities.

Each row in the underlying table defines a rule controlling what privilege check is to be logged when a specific user attempts to access a specific object.

When a request is submitted that involves any of the rule criteria, the details of the involvement are recorded in the access log.

In AccLogRulesV, each Access Rule (Acr...) column is named for a particular privilege, which is also associated with an access action and a SQL statement. In each column, each character position represents the frequency with which checks performed on that privilege are to be logged, as follows:

1 Position 1 (every privilege check) indicates how often to log checks on this privilege when performed against any requests (submitted by a specified user) that attempt to access the specified object. Possible values that could appear in each position are as follows:

a B = Both FIRST and LAST occurrences are to be logged.

b E = Each occurrence is to be logged.

c F = FIRST occurrence is to be logged.

d L = LAST occurrence is to be logged.

e Blank = No logging.

2 Position 2 indicates how often to log checks on this privilege when performed against requests (submitted by a specified user) that are not allowed to access the specified object (that is, check results are Denials).

a B = Both FIRST and LAST occurrences are to be logged.

b E = Each occurrence is to be logged.

c F = FIRST occurrence is to be logged.

d L= LAST occurrence is to be logged.

e Blank = No logging.

3 Position 3 (save text of request) indicates whether to record the text of the requests that cause a check on this privilege.

a - = Save text only for Denial entries.

b + = Save text for all entries.

c = = Save text for all entries (specified in multiple BEGIN LOGGING statements).

d Blank = No WITH TEXT option specified.

If the following statements are submitted, a SELECT statement retrieving the AccLogRules entries for User1 returns the rows as shown:

BEGIN LOGGING ON EACH CREATE TABLE BY Jones ON USER Jones ;
BEGIN LOGGING DENIALS WITH TEXT ON FIRST CREATE DATABASE
   BY Jones ON DATABASE Personnel ;
==> SELECT * FROM DBC.AccLogRulesV WHERE UserName = ’Jones’ ;

Result:

 
  • In the first row, the UserName “Jones”, the DatabaseName “Jones”, and the “E” in the first position of the CTB column indicate that a log entry is to be made each time a check for the CREATE TABLE privilege is performed in response to a request by Jones to create a table in his own space.
  • In the second row, the UserName “Jones”, the DatabaseName “Personnel”, and the “F” in the second position of the CDB column indicate that a log entry is to be made the first time a check for a CREATE DATABASE privilege that results in a denial is performed in response to a request by Jones to create a database in the Personnel database. The “-” in the third position of the CDB column indicates that the text of the denied statement is to be saved in the log entry.