16.10 - About the Has-Policy Option - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

In a Unity environment, application of the has-option policy causes the system to transmit message traffic between Unity and a connected database in clear text.

The has-policy option is useful if the Unity server is co-located with the connected database systems. Encryption is maintained between Teradata clients and the Unity server, while being eliminated for an otherwise secure connection between the Unity server and the database, saving processing costs associated with the unneeded encryption-decryption cycle.

  • If you enable the has-policy option, and neither the Unity server IP address or the Unity user that connects to the database has a QOP explicitly defined, the system requires the transmittal in clear text.
  • If the Unity user or IP address has an assigned QOP policy, the system ignores the has-policy option.
  • If you do not enable the has-option policy, and the Unity user or IP address does not have an assigned QOP, the system uses the same QOP that applies to transmissions between the client and Unity.

You can apply the has-option policy to the DN of a:

  • Teradata user name (tdatUser object) or a directory user name (directory principal)
  • Teradata profile name (tdatProfile object)
  • Network group (tdatNetworkGroup object)