16.10 - If All Directory Users Are Unmapped - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

If no directory users are mapped to Teradata Database users, you can set the LDAP mechanism AuthorizationSupported property no, to allow directory users with a username that matches a Teradata Database username to:

  • Log on to the database and be authenticated by the directory
  • Inherit all the database privileges of the matching database user

Unmapped directory users whose user names do not match a database username cannot access the database. The exception is EXTUSER. If a user is assigned to EXTUSER, the user is provided limited database access in the same way that PUBLIC provides limited access to permanent database users. Additionally, if a user is assigned to EXTUSER or assigned to a role or profile, and if auto provisioning is configured on the system, an individual database account will automatically be created for the user.