16.10 - Directory Database User Implementation Process - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release Number: 16.10
Release Date: June 2017
Content Type: Administration, Security
Publication ID: B035-1100-161K
Language: English (United States)

  1. Evaluate the system for directory management of Teradata Database users. See Evaluating the System for Directory Management of Users.
    • Make sure your directory is compatible with Teradata Database.
    • Run tests to ensure that the directory properly communicates with the database.
  2. Determine the directory authentication/authorization strategy and learn the configuration requirements. See Working with Directory User Management Options.

    Enable directory authentication/authorization as shown in the “Setting Up” topic for the option(s) that you want to implement.

  3. Review directory user characteristics, privileges, and required directory setup tasks. See About Directory User Characteristics.
  4. In the database, create profiles and external roles for assignment to directory users. See Creating Users and Granting Privileges.
  5. Provision directory users using either of these procedures.
  6. If they do not already exist in the directory, create database objects for roles and profiles. For auto provisioning, create directory roles based on the external roles in the database. Assign directory principals to roles or profiles.
    Skip this step if you are using lightweight LDAP authorizations. For lightweight LDAP authorizations, you do not need to create database objects for users, roles, and profiles in the directory (in the tdatSystem).
  7. Test the setup. See Testing Directory Authentication and Authorization Setup.
  8. Evaluate, and if necessary configure, LDAP binding and protection options. See:
    1. LDAP Binding Options.
    2. SSL/TLS Protection Options.
  9. Evaluate, and if necessary configure, directory search options. See Optimizing Directory Searches.
  10. If multiple directory services access the Teradata Database, evaluate the need to complete special setup procedures. See:
  11. In a multi-system environment, where users log on through Unity, observe the additional directory configuration requirements needed for Unity. For information about Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers (B035-2523) and Teradata Unity User Guide (B035-2520).
    Teradata recommends that you implement and test LDAP authentication and authorization of users for individual database systems before attempting to configure it for Unity.
  12. Evaluate, and if necessary configure, network security policies in the directory. See Network Security Policy.