16.10 - Pooled Session Requirements - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

When users access the database through an application that uses pooled sessions, then:

  • if the application is not a trusted user, the row level security constraints for all end users derive from the application logon user. Teradata recommends to not allow users to access tables protected by row level security through non-trusted user applications, because the system cannot apply row level security to the individual end users or track their actions in access logs.
  • if the application is a trusted user:
    • If the proxy user is linked to a permanent database user by using the TO PERMANENT clause in the GRANT CONNECT THROUGH statement, the row level security constraints derive from the permanent user, including the user profile.
    • If the proxy user is not linked to a permanent database user, but has a profile assigned through the GRANT CONNECT THROUGH statement, the row level security constraints derive from the assigned profile.
    • If the proxy user is not linked to a permanent database user, and does not have a profile assigned, the system cannot set a row level security constraint for the session, so attempts to access row level security tables fail.

To provide safe access to row level security tables, set up applications for trusted sessions.