- The username and password assigned and communicated from the initiator connector takes precedence over the one defined for the Teradata target connector properties.
For example, if the Teradata initiator provides an authorization object, it takes precedence over security-related connector property settings. Defining these connector properties is optional. If, however, credentials are not provided by the initiator connector, a username and password must exist in its connector property settings.
- An Administrator can define user mappings in the QueryGrid portlet if the initiator end user differs from the remote system end user. This is the user to which you have granted CONNECT THROUGH on the remote system.
- For user mapping, the local user submitting the query is mapped to the remote user that submits the query. User mapping applies as follows:
- For a Teradata initiator connector, user mapping can be used when it is set up with DEFINER authorization such that the local user submitting the query is the not the same as the authenticating user.
- For a target connector, user mapping is applicable when it is set up with the TRUSTED authentication mechanism and the remote user is not the same as the authenticating user.
Trusted User or Service Accounts are a proxy user that act on behalf of the local user. You configure trusted sessions by granting CONNECT THROUGH privileges to proxy user or permanent end user. To do this perform the following steps on the remote system:
CREATE USER proxyuser AS PERM = 0 PASSWORD = password; GRANT CONNECT THROUGH proxyuser TO PERMANENT target_end_user without role; >> this target_end_user is the user that has access to objects that we will access from local system
|Authentication Mechanism||Set to Trusted.|
|Username||Set to the proxy user name.|
|Password||Set to the password for proxy user.|
|Authentication Mechanism||Set to TD2.|
|Username||Set to the authorization user name.|
|Password||Set to the password for the authorized user.|
|Authentication Mechanism||Set to LDAP.|
|Username||Set to the LDAP directory user name.|
|Password||Set to the password for the user.|
For detailed information about how to configure Teradata target connectors to use LDAP authentication, refer to the Orange Book: User Authentication and Directory Integration.
|Authentication Mechanism||Set to Kerberos.|
|Username||Set to the Kerberos principal name.|
|Password||Set to the password for the Kerberos principal name.
QueryGrid authenticates a principal using a password.
|Realm||Set to the Kerberos realm.|
For more information, see Teradata Connector and Link Properties.