15.00 - External Security Clause - Teradata Database

Teradata Database SQL Data Definition Language Detailed Topics

prodname
Teradata Database
vrm_release
15.00
category
Programming Reference
featnum
B035-1184-015K

External Security Clause

This clause is mandatory for all functions that perform operating system I/O. Failing to specify this clause for a function that performs I/O can produce unpredictable results and even cause the database, if not the entire system, to reset.

Note that authorization_name is an optional Teradata extension to the ANSI SQL:2011 standard.

  • The external security authorization associated with the function must be contained within the same database as the function (see “CREATE AUTHORIZATION/ REPLACE AUTHORIZATION” on page 206).
  • When a function definition specifies EXTERNAL SECURITY DEFINER, then that function executes under the OS user associated with the specified external authorization using the context of that user.
  •  

    IF the UDF runs in this mode …

    THEN the OS user must be …

    protected

    tdatuser, which must be a member of the tdatudf OS group.

    secure

    an OS user assigned to an authorization name using the CREATE AUTHORIZATION statement (see “CREATE AUTHORIZATION/ REPLACE AUTHORIZATION” on page 206).

    The specified OS user must belong to the tdatudf OS group.

    Contact your Teradata technical support representative if you need to change this for any reason.

    The following rules apply:

  • If you do not specify an authorization name, then you must create a default DEFINER authorization name before a user attempts to execute the function (see “CREATE AUTHORIZATION/ REPLACE AUTHORIZATION” on page 206).
  • If you have specified an authorization name, then an authorization object with that name must be created before you can execute the function (see “CREATE AUTHORIZATION/ REPLACE AUTHORIZATION” on page 206).
  • The system returns a warning message to the requestor when no authorization name exists at the time the UDF is being created.

    Related Topics

    See the following books for more information about coding and using external functions.

  • SQL Data Definition Language Syntax and Examples
  • SQL Functions, Operators, Expressions, and Predicates
  • SQL External Routine Programming
  • SQL Data Types and Literals
  • SQL Data Manipulation Language
  • See Security Administration for detailed information about row‑level security and how it is enforced using scalar UDFs.