16.10 - Teradata Object Attributes in the Directory Information Tree - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

The Teradata extensions to the directory schema include attributes that Teradata directory objects can or must contain:

  • Required: Attributes that must appear in the objects that can contain them.
  • Optional: Attributes that may be required if certain conditions are present.
  • Generated: Attributes automatically generated by Active Directory, ADAM, and AD LDS.
Attribute Name Description Occurrence Directory
cn The common name of the object. Required.

One occurrence per tdat object.

All directories
description A description of the object, how it is used, or other wording to help place the object within its overall context. Optional.

No limit on occurrences.

tdatUserMember FQDN of a directory user that maps to the Teradata Database User named in the cn attribute of the tdatUser object. Required to map directory users to tdatUser objects.

One or more occurrences per mapped object.

tdatRoleMember FQDN of a directory group that maps to the Teradata Database role named in the cn attribute of the tdatRole object. Required to map directory groups to tdatRole objects.

One or more occurrences per mapped object.

All Directories
tdatProfileMember FQDN of a directory profile that maps to the Teradata Database profile named in the cn attribute of the tdatProfile object. Required to map directory users to tdatProfile objects.

One or more occurrences per mapped object.

tdatAllowDeny This attribute is a boolean switch in an tdatIPFilter object.

When set to TRUE, the IP filter is a restrictive filter.

When set to FALSE, the filter is a permissive filter.

Required to define the type of IP filter.

One occurrence per object.

tdatAllowedIP Each attributes contains an IP address and a mask, which define filter criteria.

In a restrictive filter:

  • Use the tdatAllowIP attribute to specify the range of IP addresses allowed to log on to the database.
  • Use the tdatDenyIP to define exceptions to the IP range allowed by the tdatAllowIP.

In a permissive filter:

  • Use the tdatDenyIP attribute to specify the range of IP addresses denied permission to log on to the database.
  • Use the tdatAllowIP to define exceptions to the IP range denied by the tdatDenyIP.
Required.

A tdatIPFilter must contain at least the primary attribute for the filter type.

For information creating IP filters, see About IP Filters.

tdatDeniedIP
tdatIPFilterMember FQDN of a directory profile that maps to the Teradata Database profile named in the cn attribute of the tdatProfile object. Required to map directory users to tdatIPFilter objects.

One or more occurrence per mapped object.

tdatIPFilterMemberOf The FQDN of an IP filter named in an ipFilters object. Generated.

For further information on generated objects and attributes, see Special Objects and Attributes Required for Active Directory, ADAM, and AD LDS.

Active Directory, ADAM, or AD LDS only
tdatUserMemberOf FQDN of a Teradata Database user in an Active Directory, ADAM, or AD LDS userobject.
tdatRoleMemberOf FQDN of a Teradata Database role in an Active Directory, ADAM, or AD LDS groupobject.
tdatProfileMemberOf FQDN of a Teradata Database profile in an Active Directory, ADAM, or AD LDS user object.