Security Logon Operation - Teradata Director Program

Teradata Director Program Reference

Product
Teradata Director Program
Release Number
15.00
Language
English (United States)
Last Update
2018-09-28
dita:id
B035-2416
lifecycle
previous
Product Category
Teradata Tools and Utilities

Security Logon Operation

The security logon operation is a four-stage process that involves:

  • TDP
  • The z/OS System Authorization Facility (SAF)
  • Your external security manager
  • The Teradata Database
  • 1 At logon time, if the security logon function is enabled, TDP compares the Teradata Database user id supplied by the logon application with the authid associated with the requesting mainframe address space:

     

    IF there is . . .

    THEN . . .

    a match, either explicit or implicit (no Teradata Database userid supplied)

    TDP allows the logon to proceed with no further security processing.

    not a match

    TDP sends logon validation and authorization requests to the SAF interface to determine:

  • First, whether the user/authid is valid (validation)
  • And, if it is valid, whether the user/authid is allowed access to the particular TDP (authorization)
  • 2 The SAF interface routes the logon validation and authorization requests to the external security manager.

    3 The external security manager checks its own database or repository to identify the user and verify access authorization.

    4 The external security manager response to the SAF validation and authorization requests indicates:

  • Whether the validation request succeeded or failed
  • Whether the authorization request was approved or disapproved
  • Any reason codes associated with a failed or disapproved request