16.10 - Implementing Teradata Secure Zones - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release Number: 16.10
Release Date: June 2017
Content Type: Administration, Security
Publication ID: B035-1100-161K
Language: English (United States)

To set up and use a secure zone, perform the following tasks:

  1. An existing user with the appropriate privileges should either grant zone creation privileges to an existing user, or create a new user and grant that user the privileges needed to create zones.

    See Privileges in Teradata Secure Zones.

    For more information, see SQL Data Control Language.

  2. The zone creator must create an empty user or database to be the zone root, or assign an existing user or database to be the zone root. If the zone creator creates the zone with a user as root, then the zone creator must have DROP USER privilege on that user. If the zone creator creates the zone with a database as root, then the zone creator must have CREATE USER privilege on the database that becomes the root.

    For information about creating users and databases, see Database Administration.

  3. The zone creator must create a secure zone.

    See Creating a Zone.

  4. If the creator creates the zone with ROOT as a user, skip this step. If the creator creates the zone with ROOT as a database, then assign a primary DBA to the zone.

    See Adding a Primary DBA to a Zone.

  5. The zone creator can add zone guests to the zone, if desired.

    See Adding Zone Guests to a Zone.

  6. The primary DBA can create at least one zone user in the zone using the existing CREATE USER syntax. Any of these zone users can then optionally create other zone users.

    See Creating Zone Users in a Zone.

  7. If the zone creator added zone guests, a zone user must grant them the desired privileges.

    For information about granting privileges, see GRANT (SQL Form) in SQL Data Control Language.

  8. If you want to map the users in the zone to a proxy user or to preexisting directory users, you can either set up a proxy user or set up roles.

    See About Using a Proxy User or Directory User in a Zone.
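
The following walk-through is an added example, not taken from the Teradata manual. It strings steps 1 to 3 and 5 to 7 together for the case where the zone root is a user, so step 4 does not apply. All object names (zone_admin, parent_db, fin_root, fin_zone, audit_guest, fin_analyst, fin_data), PERM sizes and passwords are hypothetical placeholders; confirm the exact statement forms against the topics referenced in each step for your release.

```sql
-- Constructed example: every name, size and password below is a placeholder.
-- Comments name the session (logged-on user) that submits each request.

-- Step 1. Session: DBC, or a user holding CREATE ZONE WITH GRANT OPTION.
-- Give the zone creator the privilege needed to create zones.
GRANT CREATE ZONE TO zone_admin;

-- Step 2. Session: zone_admin (assumed to hold CREATE USER on parent_db).
-- Create an empty user to serve as zone root. zone_admin must hold
-- DROP USER on this user before it can be made the root of a zone.
CREATE USER fin_root FROM parent_db AS
    PERM = 10e9,
    PASSWORD = Placeholder_Pw_1;

-- Step 3. Session: zone_admin.
-- Create the secure zone with the empty user as its root.
CREATE ZONE fin_zone ROOT fin_root;

-- Step 4 is skipped: the root is a user, so no separate primary DBA
-- has to be assigned.

-- Step 5. Session: zone_admin.
-- audit_guest is an existing user outside the zone. Guest status alone
-- gives no access to zone objects; that comes from step 7.
GRANT ZONE fin_zone TO audit_guest;

-- Step 6. Session: fin_root, acting as the zone's primary DBA.
-- Create zone users and objects with the ordinary CREATE syntax.
CREATE USER fin_analyst FROM fin_root AS
    PERM = 1e9,
    PASSWORD = Placeholder_Pw_2;

CREATE DATABASE fin_data FROM fin_root AS
    PERM = 5e9;

-- Step 7. Session: a zone user (here fin_root).
-- Grant the guest only the privileges it needs on zone objects.
GRANT SELECT ON fin_data TO audit_guest;
```

Keeping the zone creator, the primary DBA and the guest as three separate identities, as shown, makes it possible to audit who created the zone, who administers it and who was let in from outside.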