Implementing Teradata Secure Zones - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:id
B035-1100
Product Category
Teradata Vantage™

To set up and use a secure zone, perform the following tasks:

  1. An existing user with the appropriate privileges should either grant zone creation privileges to an existing user, or create a new user and grant that user the privileges needed to create zones.

    See Privileges in Teradata Secure Zones.

    For more information, see Teradata Vantage™ - SQL Data Control Language, B035-1149.

  2. The zone creator must create an empty user or database to be the zone root, or assign an existing user or database to be the zone root. If the zone creator creates the zone with a user as root, then the zone creator must have DROP USER privilege on that user. If the zone creator creates the zone with a database as root, then the zone creator must have CREATE USER privilege on the database that becomes the root.

    For information about creating users and databases, see Teradata Vantage™ - Database Administration, B035-1093.

  3. The zone creator must create a secure zone.

    See Creating a Zone.

  4. If the creator creates the zone with ROOT as a user, skip this step. If the creator creates the zone with ROOT as a database, then assign a primary DBA to the zone.

    See Adding a Primary DBA to a Zone.

  5. The zone creator can add zone guests to the zone, if desired.

    See Adding Zone Guests to a Zone.

  6. The primary DBA can create at least one zone user in the zone using the existing CREATE USER syntax. Any of these zone users can then optionally create other zone users.

    See Creating Zone Users in a Zone.

  7. If the zone creator added zone guests, a zone user must grant them the desired privileges.

    For information about granting privileges, see GRANT (SQL Form) in Teradata Vantage™ - SQL Data Control Language, B035-1149.

  8. If you want to map the users in the zone to a proxy user or to preexisting directory users, you can either set up a proxy user or set up roles.

    See About Using a Proxy User or Directory User in a Zone.
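
The following walk-through is an added example, not taken from the Teradata documentation. It follows steps 1 through 7 for the case where the zone root is a user, so step 4 is skipped. All object names (zone_admin, sales_root, sales_zone, sales_analyst, guest_auditor) and the password are constructed placeholders, and the statement forms should be checked against the manuals cited above for your release.

```sql
-- Assumptions (constructed for illustration):
--   zone_admin    : existing user outside any zone; becomes the zone creator
--   sales_root    : existing, empty user that will become the zone root
--   guest_auditor : existing user outside the zone; becomes a zone guest

-- Step 1. Run by a user who already holds the zone privileges:
-- delegate zone creation to zone_admin.
GRANT CREATE ZONE TO zone_admin;

-- Step 2. The root is a user, so the zone creator needs DROP USER on it.
-- (If the root were a database, CREATE USER on that database is required.)
GRANT DROP USER ON sales_root TO zone_admin;

-- Step 3. Run by zone_admin: create the zone on top of the empty root.
CREATE ZONE sales_zone ROOT sales_root;

-- Step 4. Skipped: the root is a user, so no primary DBA is assigned.

-- Step 5. Run by zone_admin: admit an outside user as a zone guest.
-- Guest status alone conveys no access to objects inside the zone.
GRANT ZONE sales_zone TO guest_auditor;

-- Step 6. Run by sales_root: create the first zone user with ordinary
-- CREATE USER syntax. Assumes sales_root holds CREATE USER on its own space.
CREATE USER sales_analyst FROM sales_root AS
    PERM = 1e8,
    PASSWORD = Placeholder_Pw1;   -- placeholder; replace before use

-- Step 7. Run by a zone user (here sales_root, the owner of sales_analyst):
-- grant the guest only the privileges it needs, on only the objects it needs.
GRANT SELECT ON sales_analyst TO guest_auditor;
```

Keeping the step 7 grant narrow matters because zone guests are the one deliberate crossing point between users outside the zone and data inside it.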