16.10 - About Access Logging Information in System Views - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

Teradata Database stores various types of security information in data dictionary tables residing in the DBC system database. System views based on these tables contain access logs and other security-related data.

View Name Description
Access Logging Views
DBC.AccessLogV Indicates the results of a privilege check performed against a Teradata SQL request. The system logs privilege checks based on the criteria defined in the current logon rules.
DBC.AccLogRulesV Lists the current logging rules, which the system derives from BEGIN LOGGING statements, and uses to determine which privilege checks should create entries in the DBC.AccLogTbl table.
DBC.DeleteAccessLogV Lists the entries from the access log by date and time, to help you identify aged data that you should remove. You can only remove entries more than 30 days old.

To remove all entries over 30 days old, you can enter:

  DELETE FROM        DBC.DELETEACCESSLOG ALL ;
DBC.LogOnOffX Lists logon and logoff activity, the associated user, session number, and attempted logon events. Event data indicates the reasons for unsuccessful logon attempts.

For unsuccessful logons, the table stores the string “Non-existent User,” instead of the username used in the logon.

DBC.LogonRulesV Lists the users named in previous GRANT LOGON or REVOKE LOGON statements, and indicates which users have WITH NULL PASSWORD privileges, which allows them to be externally authenticated.

The system uses these entries to determine whether to allow access.

DBC.SecurityLogX Lists a subset of the data on privilege checking from DBC.AccLogTbl, limited to username, table, database, logon time, and account.
User and Privilege Views
DBC.AllRightsX Lists all automatically or explicitly granted privileges for a user or database, and the objects to which the privileges apply.
DBC.AllRoleRightsV Lists all privileges granted to each role.
DBC.RoleInfoX Lists the name of the creator for each role.
DBC.RoleMembersX Lists each role, all of its members, and whether it is the default role for each of the members.
DBC.UsersV Lists information about all users defined in the database. The information is derived from system table DBC.DBase.
DBC.UserGrantedRightsV Lists the explicit privileges that a user grants to other users.
DBC.UserRightsV Lists all database privileges explicitly granted to each user. It does not list the implicit privileges for the users.
DBC.UserRoleRightsV Lists all roles, including any nested roles, available to each user, along with the privileges granted to each role.

Does not list directory users or their mapped external roles.

Password Control Views
DBC.ProfileInfoX Lists all profiles and associated parameter settings.

Use this view to check the password control settings for a profile.

DBC.RestrictedWordsV Lists words that are not allowed in a password string when the RestrictedWords control is enabled.
DBC.SecurityDefaultsV Lists the current global password controls and associated values.