Database User Implementation Process | Teradata Vantage - Directory Database User Implementation Process - Advanced SQL Engine

Database User Implementation Process | Teradata Vantage - Directory Database User Implementation Process - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

September 2020

Language

English (United States)

Last Update

2021-01-23

dita:mapPath

ied1556235912841.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

Evaluate the system for directory management of Teradata Vantage users. See Evaluating the System for Directory Management of Users.
- Make sure your directory is compatible with Vantage.
- Run tests to ensure that the directory properly communicates with the database.
Determine the directory authentication/authorization strategy and learn the configuration requirements. See Working with Directory User Management Options.
Enable directory authentication/authorization as shown in the “Setting Up” topic for the option(s) that you want to implement.
- For auto provisioning perform the steps in Option 2: Directory Authentication and Authorization or in Option 3: Non-LDAP External Authentication with Directory Authorization depending on which matches your site configuration.
- For lightweight LDAP authorizations perform the steps in Option 4: Lightweight LDAP Authorizations.
Review directory user characteristics, privileges, and required directory setup tasks. See About Directory User Characteristics.
In the database, create profiles and external roles for assignment to directory users. See Creating Users and Granting Privileges.
- For information on creating external roles see Using Roles for Directory Users.
- For information about profiles see the topics beginning with Working with Database Profiles.
  Auto provisioned users must be assigned to a role or profile and not mapped to a database user.
Provision directory users using either of these procedures.
- Provisioning Directory Users with Teradata Schema Extensions.
- Using Native Directory Schema to Provision Directory Users.
If they do not already exist in the directory, create database objects for roles and profiles. For auto provisioning create directory roles based on the external roles in the database. Assign directory principals to roles or profiles.
- See the examples in Mapping Directory Users to Vantage External Roles.
- For information about profiles see About Assigning Profiles to Users and see the example in Mapping Directory Users to Vantage Profiles.
Skip this step if you are using lightweight LDAP authorizations. For lightweight LDAP authorizations you do not need to create database objects for users, roles, and profiles in the directory (in the tdatSystem).
Test the setup. See Testing Directory Authentication and Authorization Setup.
Evaluate, and if necessary configure, LDAP binding and protection options. See:
1. LDAP Binding Options.
2. SSL/TLS Protection Options.
Evaluate, and if necessary, configure directory search options. See Optimizing Directory Searches.
If multiple directory services access Teradata Vantage, evaluate the need to complete special setup procedures. See:
- Configuring LDAP for Site-Aware Authentication.
- Configuring LDAP to Use Multiple Directory Services.
In a multi-system environment, where users log on through Unity, observe the additional directory configuration requirements needed for Unity. For information about Unity, see Teradata® Unity™ Installation, Configuration, and Upgrade Guide for Customers, B035-2523 and Teradata® Unity™ User Guide, B035-2520.
Teradata recommends that you implement and test LDAP authentication and authorization of users for individual database systems before attempting to configure it for Unity.
Evaluate, and if necessary configure, network security policies in the directory. See Network Security Policy.