You can run the tdspolicy tool from the command prompt on a Teradata Vantage node to investigate the security policy assignments that are currently in effect for a specific combination of user, profile, and log on IP address.
For externally authenticated or authorized users, you can base the specification of tdspolicy command line variables on the information provided by tdsbind testing.
For example:
tdspolicy -u user -i ip_address [-s service] [-p profile]
where:
| Option | Description |
|---|---|
| -u user | Required. You can specify a Vantage user name if:
You can specify the DN of a directory principal for a directory user if the user is authenticated using KRB5 or LDAP, AuthorizationSupported=yes, and the user is not mapped to a tdatUser entry. |
| -i ip_address | Required. The IP address from which the user logs on. |
| -s service | Required to return information on a local security policy. Specify the DN of the service that contains the local policy. If the -u user authenticates in a specific service, -s must specify the DN of that service.
If this option is not present to request local policy information for a specific service, tdspolicy returns information for the global policy, if a global policy exists. For information on global policy, see Configuring Policy-Related Properties for a Global Security Policy. |
| -p profile | Optional. Identifies an existing profile that is assigned to the user.
The tdspolicy command returns information indicating whether any policy applies to the specified profile. If a directory principal is mapped to a Vantage user and a profile in the directory, the mapped profile takes precedence over the profile assigned to the mapped permanent user.
|