Access Control of ML Engine Analytic Functions | Teradata Vantage - Access Control of ML Engine Analytic Functions

Access Control of ML Engine Analytic Functions | Teradata Vantage - Access Control of ML Engine Analytic Functions - Teradata Vantage

Machine Learning User Guide

Product

Teradata Vantage

Release Number

9.01

1.3

Published

August 2020

Language

English (United States)

Last Update

2020-10-02

dita:mapPath

dci1595445931473.ditamap

dita:ditavalPath

dqp1599597541027.ditaval

dita:id

B700-4004

lifecycle

Product Category

Teradata Vantage™

A user with administrative privileges can grant or revoke access control of ML Engine analytic functions. For example:

To grant the trusted user td_ffe_svc_acct the privilege to set role to the permanent user username:

grant ctcontrol on username to td_ffe_svc_acct;
grant connect through td_ffe_svc_acct to permanent username without role;

To grant the privilege for username to execute functions from syslib, thereby giving access to the function mappings:

grant execute function on syslib to username with grant option;

The following grants allow username to export data, execute foreign functions, and import the results:

grant execute function on TD_SYSFNLIB.QGEXECUTEFOREIGNQUERY to username;
grant execute function on TD_SYSFNLIB.QGINITIATOREXPORT to username;
grant execute function on TD_SYSFNLIB.QGINITIATORIMPORT to username;
grant execute function on TD_SYSFNLIB.QGREMOTEEXPORT to username;
grant execute function on TD_SYSFNLIB.QGREMOTEIMPORT to username;
GRANT SELECT ON TD_SERVER_DB.coprocessor TO username;
GRANT INSERT ON TD_SERVER_DB.coprocessor TO username;
GRANT execute function on TD_SERVER_DB.coprocessor to username;

The next set of grants allow username to access a view in which the ML Engine connector will log errors:

grant select on td_mle_db.user_mle_errors to username;
grant insert on td_mle_db.user_mle_errors to username;
grant delete on td_mle_db.user_mle_errors to username;