Trusted Sessions - ODBC Driver for Teradata - 16.20

ODBC Driver for Teradata® User Guide

prodname
ODBC Driver for Teradata
vrm_release
16.20
category
User Guide
featnum
B035-2526-108K

Trusted Sessions provides more security to applications that interface between users and the database, especially in cases where users can submit their own SQL query commands.  It prevents a user from possibly submitting "SET QUERY_BAND" commands to change a proxy user.  Trusted sessions are supported in Teradata database 13.10 or later.

The database does not allow SET QUERY_BAND SQL to set/change a proxy user on a session having GRANT CONNECT THROUGH privilege with the ‘WITH TRUST_ONLY’ option, unless it is submitted as a trusted SQL request.  The ODBC Driver submits an SQL as trusted only when an SQL_ATTR_TRUSTED_SQL(13010) statement attribute is set by calling SQLSetStmtAttr() with a value SQL_TRUE.  Immediately after SQLExecute() or SQLExecDirect() is called, SQL_ATTR_TRUSTED_SQL will be reset to the default value SQL_FALSE.

For more information on the GRANT CONNECT THROUGH privilege, please refer the database manual SQL Data Control Language (B035-1149).

The following is sample code to send a trusted SQL:

……….
……….
RETCODE result;

result = SQLSetStmtAttr(StatementHdl, SQL_ATTR_TRUSTED_SQL, (SQLPOINTER)SQL_TRUE, SQL_IS_UINTEGER);
if (SQL_SUCCESS == result)
{
	/ After SQL execution, the SQL_ATTR_TRUSTED_SQL attribute value will be reset to SQL_FALSE
	// to prevent any further use of SET QUERY_BAND until you change the attribute to SQL_TRUE once again.

	result = SQLExecDirect(yourStatementHdl, (SQLTCHAR *) "SET QUERY_BAND='proxyuser=user1;'FOR SESSION; ", SQL_NTS);vt 
	if (SQL_SUCCESS != result)
	{
		// Handle error
	}
}
else
{
	// Handle error
}