Teradata Database stores various types of security information in data dictionary tables residing in the DBC system database. System views based on these tables contain access logs and other security-related data.
|Access Logging Views|
|DBC.AccessLogV||Indicates the results of a privilege check performed against a Teradata SQL request. The system logs privilege checks based on the criteria defined in the current logon rules.|
|DBC.AccLogRulesV||Lists the current logging rules, which the system derives from BEGIN LOGGING statements, and uses to determine which privilege checks should create entries in the DBC.AccLogTbl table.|
|DBC.DeleteAccessLogV||Lists the entries from the access log by date and time, to help you identify aged data that you should remove. You can only remove entries more than 30 days old.
To remove all entries over 30 days old, you can enter:DELETE FROM DBC.DELETEACCESSLOG ALL ;
|DBC.LogOnOffX||Lists logon and logoff activity, the associated user, session number, and attempted logon events. Event data indicates the reasons for unsuccessful logon attempts.
For unsuccessful logons, the table stores the string “Non-existent User,” instead of the username used in the logon.
|DBC.LogonRulesV||Lists the users named in previous GRANT LOGON or REVOKE LOGON statements, and indicates which users have WITH NULL PASSWORD privileges, which allows them to be externally authenticated.
The system uses these entries to determine whether to allow access.
|DBC.SecurityLogX||Lists a subset of the data on privilege checking from DBC.AccLogTbl, limited to username, table, database, logon time, and account.|
|User and Privilege Views|
|DBC.AllRightsX||Lists all automatically or explicitly granted privileges for a user or database, and the objects to which the privileges apply.|
|DBC.AllRoleRightsV||Lists all privileges granted to each role.|
|DBC.RoleInfoX||Lists the name of the creator for each role.|
|DBC.RoleMembersX||Lists each role, all of its members, and whether it is the default role for each of the members.|
|DBC.UsersV||Lists information about all users defined in the database. The information is derived from system table DBC.DBase.|
|DBC.UserGrantedRightsV||Lists the explicit privileges that a user grants to other users.|
|DBC.UserRightsV||Lists all database privileges explicitly granted to each user. It does not list the implicit privileges for the users.|
|DBC.UserRoleRightsV||Lists all roles, including any nested roles, available to each user, along with the privileges granted to each role.
Does not list directory users or their mapped external roles.
|Password Control Views|
|DBC.ProfileInfoX||Lists all profiles and associated parameter settings.
Use this view to check the password control settings for a profile.
|DBC.RestrictedWordsV||Lists words that are not allowed in a password string when the RestrictedWords control is enabled.|
|DBC.SecurityDefaultsV||Lists the current global password controls and associated values.|