16.10 - tdspolicy for a Directory Principal Mapped to a Teradata User - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

If a directory principal is mapped to a Teradata user object, specify the -u as the name of the database user.

$ tdspolicy -u perm01 –p profile01 –s local –i 141.206.3.15
Querying policy using the following parameters:

       Teradata user: perm01
    Teradata profile: profile01
          IP address: 141.206.3.15

          Mechanisms: td2, ldap
Confidentiality QoPs: high
      Integrity QoPs: low
             Options: no-direct-connect

where:

  • The directory principal (-u) can use only the TD2 or LDAP mechanism to log on.
    Profile01, which is mapped to the directory principal, applies only for LDAP logons. Profile-based policy does not apply to TD2 sessions.
  • The system automatically uses the high confidentiality QOP (which supersedes the low integrity QOP) for all user message transmissions.
  • The directory principal cannot connect directly to the database from the network, but must log on through a Unity tdpid or a mainframe connection.