How Security Is Applied in a Teradata OLAP Server Session - Teradata Schema Workbench

Teradata Schema Workbench User Guide
Product
Teradata Schema Workbench
Release Number
16.20
16.10
15.10
Published
June 2015
Language
English (United States)
Last Update
2018-05-25
dita:mapPath
gvf1512702977003.ditamap
dita:ditavalPath
Audience_PDF_include.ditaval
dita:id
B035-4106
Product Category
Teradata Tools and Utilities
Applying Security in a Teradata OLAP Server Session

The following example illustrates how and when security is applied on a query request via SAP BOE and the Teradata OLAP Server and its impact on the returned result set. The numbered items correspond to the numbered items in the figure.

Example - Applying Security in a Teradata OLAP Server Session

The user accesses SAP BOE using a browser, and then selects an OLAP Connection which references the Teradata OLAP Server. The Teradata OLAP Server is configured to utilize an ODBC DSN. This DSN might contain saved user credentials. If not, the user is prompted to enter user name and password by the Teradata OLAP Server. In the examples below, assume the user has provided user name = "Foo."

  1. Teradata OLAP Server attempts to establishes trusted session with the database using:
    Set QueryBand = 'ProxyUser = Foo'
  2. If DBA had previously allowed ConnectThrough for user Foo, the request to establish trusted session is successful.

    If DBA did not enable ConnectThrough for user Foo, the request to establish trusted session fails.

  3. If trusted session is established, Teradata OLAP Server queries cube metadata. Database uses access permissions for user Foo.

    If trusted session is not established, Teradata OLAP Server queries cube metadata. Database uses access permissions for user associated with TBI_SERVICE role (tbiservice in this example).

  4. If trusted session is established, cube metadata result set returned. Contents of result set comprises any cube metadata visible to user Foo.

    If trusted session is not established, cube metadata result set returned. Contents of result set comprises any cube metadata visible to user tbiservice.

  5. Measure or dimension is dragged to a row or column resulting in an HTTP request to the SAP BOE Server.
  6. SAP BOE Server initiates an XMLA request to Teradata OLAP Server.
  7. If trusted session is established, Teradata OLAP Server queries physical table. Database uses access permissions for user Foo.

    If trusted session is not established, Teradata OLAP Server queries physical table. Database uses access permissions for user tbiservice.

  8. If trusted session is established, result set returned. Contents of result set comprises any data visible to the user Foo.

    If trusted session is not established, result set returned. Contents of result set comprises any data visible to the user tbiservice.

  9. Teradata OLAP Server applies any further security rules modeled into the cube definition based on the roles assigned to user Foo and responds to SAP BOE Server with result set data minus any Cube, Dimensions, Hierarchies, or Members filtered out by the application of the modeled security rules.
  10. SAP BOE Server updates web page content and forwards to browser.