How Security Is Applied in a Teradata OLAP Connector Session

How Security Is Applied in a Teradata OLAP Connector Session - Teradata Schema Workbench

Teradata Schema Workbench User Guide

Product

Teradata Schema Workbench

Release Number

16.20

16.10

15.10

Published

June 2015

Language

English (United States)

Last Update

2018-05-25

dita:mapPath

gvf1512702977003.ditamap

dita:ditavalPath

Audience_PDF_include.ditaval

dita:id

B035-4106

Product Category

Teradata Tools and Utilities

Applying Security in a Teradata OLAP Connector Session

The following example illustrates how and when security is applied on a query request using Excel and Teradata OLAP Connector and the impact on the returned result set. The numbered items correspond to the numbered items in the figure.

Example - Applying Security in a Teradata OLAP Connector Session

The user starts Excel and selects Teradata OLAP Connector as the data source. The user selects an ODBC DSN to be utilized by Teradata OLAP Connector. This DSN may contain saved user credentials. If not, the user is prompted to enter user name and password as part of configuring the Teradata OLAP Connector. In the example below, assume the user has provided user name = "Foo".

Teradata OLAP Connector attempts to establish trusted session with the database using:
```
Set QueryBand = 'ProxyUser = Foo'
```
If DBA had previously allowed ConnectThrough for user Foo, the request is successful.
If DBA did not enable ConnectThrough for user Foo, the request to establish trusted session fails.
If a trusted session is established, Teradata OLAP Connector queries cube metadata. Database uses access permissions for user Foo.
If a trusted session is not established, Teradata OLAP Connector queries cube metadata. Database uses access permissions for user associated with TBI_SERVICE role (tbiservice in this example).
If a trusted session is established, cube metadata result set returned. Contents of result set comprises any cube metadata visible to user Foo.
If a trusted session is not established, cube metadata result set returned. Contents of result set comprises any cube metadata visible to user tbiservice.
Measure or dimension is dragged to a row or column, or a filter is applied in pivot table, resulting in an OLAP request.
If a trusted session is established, Teradata OLAP Connector queries physical table. Database uses access permissions for user Foo.
If a trusted session is not established, Teradata OLAP Connector queries physical table. Database uses access permissions for user tbiservice.
If a trusted session is established, result set returned. Contents of result set comprises any data visible to the user Foo.
If a trusted session is not established, result set returned. Contents of result set comprises any data visible to the user tbiservice.
Teradata OLAP Connector applies any further security rules modeled into the cube definition based on the roles assigned to user Foo. PivotTable is updated with the result set data minus any Cube, Dimensions, Hierarchies, or Members filtered out by the application of the modeled security rules.