2.10 - Usage Notes - Teradata QueryGrid

Teradata® QueryGrid™ Installation and User Guide

prodname
Teradata QueryGrid
vrm_release
2.10
created_date
September 2019
category
Administration
Configuration
Installation
User Guide
featnum
B035-5991-099K
  • An authorization is required only if you are using an external security system such as Kerberos for authentication on the foreign server's target platform.
  • You must use either INVOKER TRUSTED or DEFINER TRUSTED when authentication on Hadoop is performed by an external security system such as Kerberos.
  • Use INVOKER TRUSTED when you want to create a one-to-one mapping between the Teradata user and the user on the foreign server's target platform. For example, using the same user name for Teradata and Kerberos.
  • Use DEFINER TRUSTED when you want to create a many-to-one mapping between Teradata users and a user on the target platform of the foreign server. For example, when you want multiple Teradata users who are making requests to the foreign server to use one Kerberos account on the target platform.
  • Username and Password connector properties can be set in the QueryGrid portlet. They are used for connector diagnostic checks and for end-to-end queries if they were not provided by the initiator in the authorization object.
  • When you create an authorization for another user using INVOKER TRUSTED, user_dbname must be specified. Specify the username associated with the session user who will be sending requests to the foreign server. If you fail to specify user_dbname, the authorization will be stored in your user database.
  • The authorization takes up no space in the database used to store it.
  • If your credentials change on the target platform of the foreign server, you must remember to replace the credentials in your authorization object. If you fail to update the invalid information, the next time that you try to reference the foreign server object, you get an error message.
  • If you drop an authorization object, keep in mind that it may be used by multiple foreign server objects. You should either drop the foreign server objects or alter them so that they specify a valid authorization object. If you fail to update the invalid information, the next time that you try to reference the foreign server object, you get an error message.