Repository Object Access
Application groups and security profiles control access to repository objects. As is the case with MDS users, the MDS administrator creates and maintains application groups and security profiles.
Application Groups
Teradata MDS also maintains application groups, a set of previously defined MDS users. Permissions assigned to an application group in a security profile are granted to all users in the group.
For detailed information on application groups, see “Users and Groups” on page 63.
Security Profiles
Every object in the Teradata MDS repository is assigned a security profile. A security profile is a special object which is used to contain (or reference) MDS users and application groups. Each MDS user and group identified in a security profile can have a permission assigned to it. The result is that an MDS user will have specific access rights to a repository object, only if the security profile assigned to the object grants the user (or group to which the user belongs) those specific access rights.
Initially, it may be useful to use the default security profile provided by MDS until special permissions need to be assigned to objects for certain users or groups.
For detailed information on security profiles, see “Security Profiles” on page 67.
Access to objects in Teradata MDS is based on the access type in the security profile associated with the object. If an object is not given public read access, a user will not be able to see the object unless specifically granted access as a user or as a member of an application group in the security profile for that object.
Figure 4: Object Access Security
In this example, Mary, Fred, and all users in the Acct and Pay application groups have read permission to databases A and B. Fred and the users in the Pay application group also have write access to databases A and B.
Lucy and all users in the Acct application group have read and write access to databases C and D. No other users can view these databases.