16.10 - tdspolicy for a TD2 User - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

Users who log on with the TD2 mechanism are not subject to local policy because they are not authenticated or authorized in the directory. When you specify a Teradata Database username for -u, TDGSS looks in the TdgssUserConfigFile.xml to see if a global policy applies to the user.

Profile-based policies do not apply to users authenticated by TD2.
$ tdspolicy -u td2user –i 141.206.3.173
Querying policy using the following parameters:

       Teradata user: td2user
          IP address: 141.206.3.173

          Mechanisms: td2
Confidentiality QoPs: default

where the Teradata Database user specified by -u:

  • Can use only the TD2 mechanism to log on.
  • Confidentiality is required, but because a TD2 user is not authenticated or authorized in the directory, QOP strength defaults to the DEFAULT QOP.