16.10 - tdspolicy for a TD2 User - Teradata Database

Teradata Database Security Administration

Teradata Database
Release Number
Release Date
June 2017
Content Type
Publication ID
English (United States)

Users who log on with the TD2 mechanism are not subject to local policy because they are not authenticated or authorized in the directory. When you specify a Teradata Database username for -u, TDGSS looks in the TdgssUserConfigFile.xml to see if a global policy applies to the user.

Profile-based policies do not apply to users authenticated by TD2.
$ tdspolicy -u td2user –i
Querying policy using the following parameters:

       Teradata user: td2user
          IP address:

          Mechanisms: td2
Confidentiality QoPs: default

where the Teradata Database user specified by -u:

  • Can use only the TD2 mechanism to log on.
  • Confidentiality is required, but because a TD2 user is not authenticated or authorized in the directory, QOP strength defaults to the DEFAULT QOP.