Example: Changing the Row-Level Security Category for a Session - Advanced SQL Engine - Teradata Database

SQL Data Definition Language Syntax and Examples

Product
Advanced SQL Engine
Teradata Database
Release Number
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
wgr1555383704548.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1144
lifecycle
previous
Product Category
Teradata Vantage™

User arn_anderson logs on. The resulting session has a row-level security label consisting of an unclassified level and nato category. As soon as the session is established arn_anderson changes the category to norway.

     SET SESSION CONSTRAINT = classification_category (norway) ;

After the SET SESSION CONSTRAINT request executes the session has a label of unclassified and norway.

Assume that later on, the session initiated by arn_anderson wanted to read one of the 3 rows from inventory, so the user submits the following SELECT request.

     SELECT *
     FROM inventory
     WHERE col_1=12122;

The result of this request would be 0 rows and a value of ‘F’ returned signifying the that the user credentials failed security policy validation, so the constraint predicate added to the query evaluates to FALSE and the row is eliminated from the read.

Vantage does not return any rows for this request because the level of unclassified for arn_anderson does not allow him to read secret rows or because his category of norway does not allow him to read rows with a category of nato.