16.10 - About the Has-Policy Option - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

In a Unity environment, application of the has-option policy causes the system to transmit message traffic between Unity and a connected database in clear text.

The has-policy option is useful if the Unity server is co-located with the connected database systems. Encryption is maintained between Teradata clients and the Unity server, while being eliminated for an otherwise secure connection between the Unity server and the database, saving processing costs associated with the unneeded encryption-decryption cycle.

  • If you enable the has-policy option, and neither the Unity server IP address or the Unity user that connects to the database has a QOP explicitly defined, the system requires the transmittal in clear text.
  • If the Unity user or IP address has an assigned QOP policy, the system ignores the has-policy option.
  • If you do not enable the has-option policy, and the Unity user or IP address does not have an assigned QOP, the system uses the same QOP that applies to transmissions between the client and Unity.

You can apply the has-option policy to the DN of a:

  • Teradata user name (tdatUser object) or a directory user name (directory principal)
  • Teradata profile name (tdatProfile object)
  • Network group (tdatNetworkGroup object)