16.10 - Working with OS-Level Security Options - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

During installation of Teradata Database 14.0 or higher, the system automatically creates the following default OS-level security structure.

Default User or Group Description
Users
teradata Teradata Database runs as the teradata user, which is a member of the tdtrusted group.
tdatuser Runs UDFs in protected mode and is a member of the tdatudf group.
Groups
tdtrusted Has permission to run OS-level Teradata Database processes and utilities, and provides this permission to member users:
  • teradata (created by default to run Teradata Database)
  • Other administrative users that you create who require OS-level access, for example, to run utilities or change the TDGSS configuration.
Although you can run OS-level utilities and processes as root, Teradata recommends that for secure operation you severely limit root access and create individual administrative user accounts in the tdtrusted group to run Teradata utilities and other OS-level functions.

For information on starting utilities that need OS-level of access, see Utilities.

tdatudf Has permission to run UDFs in protected mode and provides this permission to member users:
  • tdatuser (created by default)
  • Other users you create who need to run UDFs in secure mode
Although most OS-level tasks can be run by the users defined in the table above, you must use root access to:
  • Install a new version of Teradata Database
  • Start the database when it is down

If your site security policy requires an alternative OS-level access strategy, contact your Teradata Customer Service representative for assistance.