15.00 - 15.10 - Security Monitoring - Teradata Database

Teradata Database Introduction to Teradata

Product
Teradata Database
Release Number
15.00
15.10
Content Type
User Guide
Publication ID
B035-1091-151K
Language
English (United States)
Last Update
2018-09-25

Teradata Database provides the capability for two types of user security monitoring:

  • All user logon and logoff activity is automatically collected in the Event Log and can be accessed using the DBC.LogOnOffV system view. Listed parameters include:
  • Database username
  • Session number
  • Logon events, including the causes of any unsuccessful logons
  • Optional access logging records user attempts to access the database and can be accessed using the DBC.AccessLogV view, including the following access parameters:
  • Type of access
  • Type of request
  • Requesting database username
  • Referenced database object
  • Frequency of access
  • Note: Access log entries are generated each time the database checks a privilege to determine whether or not it will honor a user request.

    Logging of Directory Users

    Directory users are logged by directory username rather than by the name of any database user they may be mapped to.

    Logging of Middle-tier Application Users

    Users that access the database through a middle-tier application by means of a trusted session and who are set up as proxy users are logged by their proxy user name. If the middle-tier application and its end users are not set up for trusted sessions, all such users will appear in the log as the same username, that is, the name used by the application.

    Enabling and Disabling Access Logging

    Use the BEGIN and END LOGGING statements to enable and disable logging and to indicate which access parameters should be logged. Access logging can be set up for almost any database object, for instance, users, databases, or tables.

    Security-related System Views

    The Data Dictionary provides s number of security-related system views, including the following.

     

    View

    Description

    DBC.AccessLogV

    Each entry indicates a privileges check that has resulted from a user request.

    DBC.AccLogRulesV

    Lists the access logging rules contained in each BEGIN and END LOGGING statement. These rules are used by the database to determine the access logging criteria for a particular user or database object.

    DBC.LogOnOffV

    Lists all logon and logoff activity.

    DBC.LogonRulesV

    Lists the logon rules that result from GRANT and REVOKE LOGON statements. These rules are used by the database to determine whether or not to allow logon privileges to a particular user.

    For a complete listing of security-related system views, see Security Administration.