Option 2: Directory Authentication and Authorization - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢
If directory users do not have matching user names in the database, or if the matching user name does not have all the requisite database privileges, you can authorize privileges in the directory by mapping directory users to database users, and to database external roles and profiles.
  • You can map directory users with very limited access needs to the system-generated pseudo-user, EXTUSER, which has database privileges similar to PUBLIC, by default. Directory users mapped to one or more Vantage roles or profiles--and not mapped to a database user--automatically gain EXTUSER privileges in addition to those privileges acquired from the roles/profiles.
  • If the directory user requires an individual database account, you can enable the DBSControl AutoProvision parameter and map the directory user to a role or profile. In this case, a database account is automatically provisioned for the user and they are logged on to the database as that user instead of EXTUSER.

For information on EXTUSER, see Characteristics of Directory Users Mapped to Permanent Database Users.

For information on auto provisioned users, see About Auto Provisioned Directory Users.