16.10 - Pooled Session Requirements - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

When users access the database through an application that uses pooled sessions, then:

  • if the application is not a trusted user, the row level security constraints for all end users derive from the application logon user. Teradata recommends to not allow users to access tables protected by row level security through non-trusted user applications, because the system cannot apply row level security to the individual end users or track their actions in access logs.
  • if the application is a trusted user:
    • If the proxy user is linked to a permanent database user by using the TO PERMANENT clause in the GRANT CONNECT THROUGH statement, the row level security constraints derive from the permanent user, including the user profile.
    • If the proxy user is not linked to a permanent database user, but has a profile assigned through the GRANT CONNECT THROUGH statement, the row level security constraints derive from the assigned profile.
    • If the proxy user is not linked to a permanent database user, and does not have a profile assigned, the system cannot set a row level security constraint for the session, so attempts to access row level security tables fail.

To provide safe access to row level security tables, set up applications for trusted sessions.