16.10 - About Security Administrator Responsibilities - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  • Work with the database administrator to review site security requirements and evaluate the Teradata Database security features that support those requirements.
  • Review the options for managing database user authentication and authorization, and select a strategy, based on site security policy.
  • Develop a security policy based on how the site uses Teradata Database capabilities to meet security needs. Distribute the policy to administrators.
  • Set up and manage the TDGSS configuration files to support the user authentication and authorization strategy.
  • Create and maintain database users, roles, profiles and security constraints.
    Although the security administrator creates these objects, the database administrator has knowledge of user needs and the required privileges on database objects, and is also responsible for determining and managing user privileges.
  • Coordinate with the database administrator and directory administrator to set up optional directory management of database users, including provisioning users in the directory, configuring associated mechanism properties, and setting up binding, protection, and user identification options.
  • Manage user logon permissions and password controls.
  • Set up optional access restrictions by IP address.
  • Set up database access logging and monitor the output for security violations.
  • Create a set of site security procedures and distribute them to users.
  • Take action to repel security threats, including revising user privileges, revoking logons, and dropping users. The security administrator should only take enforcement actions with the knowledge and participation of the database administrator.

For information on creating the security administrator and granting user privileges sufficient to carry out these responsibilities, see Creating the Security Administrator User.