ShowAllUserNames - Advanced SQL Engine - Teradata Database

Database Utilities

Product
Advanced SQL Engine
Teradata Database
Release Number
17.00
Published
June 2020
Language
English (United States)
Last Update
2020-06-15
dita:mapPath
boh1556732696163.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1102
lifecycle
previous
Product Category
Teradata Vantage™

Purpose

Determines whether user names are shown in Teradata Database logs, including user names that have not been authenticated.

Field Group

General

Valid Settings

Setting Description
TRUE Show all user names in logs, regardless of whether user names are authenticated.
FALSE Conceal any unauthenticated user name in logs as "Non-existent User".

Default

FALSE

Changes Take Effect

After the DBS Control record has been written.

Usage Notes

Affected logs are:
  • DBC.Eventlog table
  • Views based on DBC.Eventlog, such as DBC.LogOnOffV
  • Operating system log, for example, /var/log/messages
If you set ShowAllUserNames to TRUE, all user names, including those that cannot be authenticated, are logged and visible in the affected logs. This can be a security risk, because a common user error is to enter a password in the user name logon field, which would fail authentication. If ShowAllUserNames is TRUE, these misplaced passwords would be visible in the affected logs.

The default setting of FALSE prevents these unauthenticated user names from being visible in the logs by recording them as Non-existent User.

Change this field value to TRUE only if you determine that the utility of seeing unauthenticated user names in the affected logs overrides the risk of exposing potentially misplaced passwords.

Related Topics

For More Information on… See…
Gateway logging Gateway Control (gtwcontrol) and Gateway Global (gtwglobal).
User authentication and security Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.