Example: Non-Hierarchical Rules - Advanced SQL Engine

Example: Non-Hierarchical Rules - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

September 2020

Language

English (United States)

Last Update

2021-01-23

dita:mapPath

ied1556235912841.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

Operation	Example Rule
INSERT	The current session must have a security label (1 or more compartments). All compartments in the session label are entered as the row constraint column value. Purpose: Forces predictable row classification based on the user label.
SELECT	The session security label must include all the compartments in the row label or the operation fails. Purpose: If a row is classified with several compartments, ensures that the accessing user is a member of all of the compartments.
UPDATE	The row label must include all the compartments contained in the session label. Purpose: Prevents the user from inadvertently adding classifications to the row.
DELETE	The row can be deleted only if the constraint column value is NULL. Purpose: Ensures that a row is reviewed and declassified before it can be deleted. You must have OVERRIDE UPDATE privileges to reclassify a row as NULL, so that it can be deleted.