16.10 - Using LDAP Directory Objects in Policies - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can assign a security policy to Teradata user and profile objects in the directory.

Some Teradata user and profile objects may already exist in the directory as a result of configuring LDAP authorization, as shown in the following diagram.



Teradata users and profiles must exist in the directory before you can assign security policies to them.

In a multiple database environment, where users log on through Unity, a single tdatSystem object, related authorization structure, and set of security policies applies to all directory users.

In cases where directory users can log on through Unity or directly to the database, Teradata recommends a single authorization structure for all logons, but it is not required.

For information on creating profile and user objects, see Provisioning Directory Users with Teradata Schema Extensions or Using Native Directory Schema to Provision Directory Users.