16.10 - About Assigning Profiles to Users - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The user categories shown in the table below require differing strategies for assigning profiles.

For a description of each database user type, see the table in About Database User Types.
Database User Type Profile Assignment Method
Permanent database users Specify the profile name in the CREATE USER or MODIFY USER statement for the user.
Directory users Assign profiles to directory users in one of the following ways:
  • Map the directory user to one or more Teradata profile objects. For directory users mapped to more than one profile, the user must set the profile using profile=profile_name in the .logdata portion of the logon string.

    For information on mapping directory users to database profiles, see Mapping Directory Users to Database Profiles.

  • Map the directory user object to a Teradata Database user to provide the following profile assignment options:
    • The directory user inherits the profile assigned to the database user.
    • If the database user does not have an assigned profile, the directory user inherits the default parameter values for the database user. See Default Values for the CREATE PROFILE Statement.
    • For directory users mapped to a Teradata Database profile and a database user, the mapped profile takes precedent by default.

    For information mapping directory users to database users, see Mapping Directory Users to Database Users.

Application logon users or trusted users Specify the profile name in the CREATE or MODIFY USER statement for the user name under which the application logs on to the database. The application user profile applies to all users that log on through the application.
Proxy users Proxy users who are also permanent database users, and for whom queries are sent to the database through a trusted user application, are subject to any row level security constraints that appear in the profile assigned to the corresponding permanent user.

All other profile-based privileges are taken from the profile assigned to the trusted user application.

For information on options for end users logging on through middle-tier applications, see Working with Middle-Tier Application Users.

For information on row level security constraints, see Implementing Row Level Security.

For information about the types of users that exist when you use secure zones, see Implementing Teradata Secure Zones.