16.10 - tdspolicy for a TD2 User - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

Users who log on with the TD2 mechanism are not subject to local policy because they are not authenticated or authorized in the directory. When you specify a Teradata Database username for -u, TDGSS looks in the TdgssUserConfigFile.xml to see if a global policy applies to the user.

Profile-based policies do not apply to users authenticated by TD2.
$ tdspolicy -u td2user –i 141.206.3.173
Querying policy using the following parameters:

       Teradata user: td2user
          IP address: 141.206.3.173

          Mechanisms: td2
Confidentiality QoPs: default

where the Teradata Database user specified by -u:

  • Can use only the TD2 mechanism to log on.
  • Confidentiality is required, but because a TD2 user is not authenticated or authorized in the directory, QOP strength defaults to the DEFAULT QOP.