15.00 - High-Level Process for Trusted Sessions - Teradata Database

Teradata Database SQL Data Definition Language Detailed Topics

Product: Teradata Database
Release Number: 15.00
Content Type: Programming Reference
Publication ID: B035-1184-015K
Language: English (United States)

High‑Level Process for Trusted Sessions

The following sequence of events outlines the general stages of using a trusted session.

1 The security administrator creates CONNECT THROUGH privileges for an appropriate trusted_user:permanent | application_user pair using a GRANT CONNECT THROUGH request (see “GRANT CONNECT THROUGH” in SQL Data Control Language).

2 The middle tier application creates a connection pool to Teradata Database.

3 The application end user authenticates itself to the middle tier application and requests a service to submit a query to Teradata Database.

The method by which the application end user authenticates itself to the middle tier application is not described here because its authentication is the responsibility of the application, not of Teradata Database.

4 The middle tier application establishes a connection within the connection pool.

5 The middle tier application sets the active session identity and role for the application end user by submitting an appropriate SET QUERY_BAND request to Teradata Database.

6 Teradata Database verifies that the application end user has been granted trusted session access through the middle tier application database connection.

7 The middle tier application submits an SQL request to Teradata Database on behalf of the application end user.

8 Teradata Database verifies the privileges for the request based on the active roles defined for the application end user in step 1.

9 Teradata Database returns the result set to the middle tier application, which then forwards the result set to the application end user.

10 Teradata Database records the identity of the application end user in any rows inserted into Access Log and Database Query Log tables as appropriate.

| IF the end user makes its connection as this kind of proxy user … | THEN its identity is logged using this name as specified for the CONNECT THROUGH privilege used to make the trusted session … |
|---|---|
| application | application name. |
| permanent | permanent user name. |

See “GRANT CONNECT THROUGH” in SQL Data Control Language for the definitions of application and permanent users.

11 The middle tier application returns the connection it had withdrawn in step 4 to the connection pool.

12 The following housekeeping activities occur when either the session is terminated or Teradata Database receives a Cleanup parcel (flavor 80).

  • The proxy user is discarded.
  • Any session query bands are discarded.
  • Any transaction query bands are discarded.
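
The middle tier's side of steps 4, 5, 7 and 11, as an added Python example (not Teradata's code): it builds the SET QUERY_BAND request only from an identity the application has already authenticated, and refuses any value containing the query band's own delimiters. `FakeConn`, `query_band` and `run_as` are hypothetical names; the name pattern and the explicit `SET QUERY_BAND = NONE` before the connection is returned are assumptions of this example, not requirements stated on this page.

```python
import re

# Assumed allowlist for names placed in the band: rules out ';', '=', quotes
# and whitespace, which would otherwise let one value add or override
# name=value pairs such as PROXYROLE.
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_$#]{0,29}")


class FakeConn:
    """Hypothetical stand-in for a pooled connection; records what is sent."""

    def __init__(self):
        self.sent = []

    def execute(self, sql, params=()):
        self.sent.append((sql, tuple(params)))


def query_band(proxy_user, proxy_role=None):
    """Step 5: build the SET QUERY_BAND request for the authenticated end user."""
    values = [proxy_user] + ([proxy_role] if proxy_role is not None else [])
    for value in values:
        if not isinstance(value, str) or not _NAME.fullmatch(value):
            raise ValueError(f"unsafe query band value: {value!r}")
    band = f"PROXYUSER={proxy_user};"
    if proxy_role is not None:
        band += f"PROXYROLE={proxy_role};"
    return f"SET QUERY_BAND = '{band}' FOR SESSION;"


def run_as(conn, proxy_user, proxy_role, sql, params=()):
    """Run one request on a pooled connection on behalf of proxy_user."""
    # Validation happens before anything is sent on the trusted connection.
    conn.execute(query_band(proxy_user, proxy_role))      # step 5
    try:
        conn.execute(sql, params)                         # step 7
    finally:
        # Assumption: clear the proxy identity before step 11 so the next
        # borrower of this connection cannot inherit it.
        conn.execute("SET QUERY_BAND = NONE FOR SESSION;")


if __name__ == "__main__":
    conn = FakeConn()  # constructed sample run; user and role names are made up
    run_as(conn, "jsmith", "sales_role", "SELECT * FROM orders WHERE id = ?", (42,))
    for statement, _ in conn.sent:
        print(statement)
```

Even with this check in place, Teradata Database still performs the verification in step 6: a proxy user or role not covered by a CONNECT THROUGH privilege is rejected by the database itself.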