Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR

NCR Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR, 1998. - 315 p.
Chapter 11

Security and Integrity

About This Chapter

Introduction

This chapter describes security and integrity for the Teradata RDBMS.

Among the topics described are:

• Establishing a security policy

• Client password security

• Server password security

• Teradata SQL Data Control Language commands for granting and revoking privileges

The descriptions include both client and server security and Teradata RDBMS user privileges.

The Teradata RDBMS provides DoD C2 level security.

Definition of Security

Security is a mechanism that protects the database against unauthorized users.

Definition of Integrity

Integrity ensures that the things that users do are correct. In other words, integrity protects the database against authorized users doing the wrong things.

Tools for Enforcing System Security

There are four categories of solutions for system security.

These are:

Category                       Description
Resource access control        software-enforced access restrictions
Physical access control        physical access restrictions
Auditing and accountability    system auditing of security-related user actions
Policy                         a sound, well-enforced data center security policy

Tools for Enforcing System Integrity

Release 2.0 of the Teradata RDBMS for UNIX provides support for referential integrity. Users may also provide their own facilities for policing referential integrity in the Teradata RDBMS.

To do this, write macros that enforce the referential integrity of each table in your system that contains fields that act as foreign keys.

Read Chapter 3, “The Relational Model,” for more information about referential integrity.
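
The macro approach described above, sketched as an added example in Teradata SQL (it is not taken from the NCR manual). The Department and Employee tables, the macro names, the user clerk01 and all sample values are constructed for illustration.

```sql
-- Added example: all object names and values below are constructed.
-- Parent table: one row per department.
CREATE TABLE Department
  (DeptNo   SMALLINT NOT NULL,
   DeptName VARCHAR(30))
UNIQUE PRIMARY INDEX (DeptNo);

-- Child table: Employee.DeptNo acts as a foreign key to Department.DeptNo.
CREATE TABLE Employee
  (EmpNo   INTEGER NOT NULL,
   EmpName VARCHAR(30),
   DeptNo  SMALLINT NOT NULL)
UNIQUE PRIMARY INDEX (EmpNo);

-- Insert a child row only when its parent exists. The SELECT yields one row
-- if the department is present and none otherwise, so no orphan is stored.
CREATE MACRO NewEmployee
  (NewEmpNo INTEGER, NewName VARCHAR(30), NewDeptNo SMALLINT) AS
  (INSERT INTO Employee (EmpNo, EmpName, DeptNo)
   SELECT :NewEmpNo, :NewName, DeptNo
   FROM Department
   WHERE DeptNo = :NewDeptNo; );

-- Delete a parent row only when no child row still refers to it.
CREATE MACRO DropDepartment (OldDeptNo SMALLINT) AS
  (DELETE FROM Department
   WHERE DeptNo = :OldDeptNo
     AND DeptNo NOT IN (SELECT DeptNo FROM Employee); );

-- The checks hold only if users cannot bypass the macros: withdraw any direct
-- write privileges clerk01 holds on the tables and grant EXECUTE instead.
REVOKE INSERT, UPDATE, DELETE ON Employee   FROM clerk01;
REVOKE INSERT, UPDATE, DELETE ON Department FROM clerk01;
GRANT EXECUTE ON NewEmployee    TO clerk01;
GRANT EXECUTE ON DropDepartment TO clerk01;

-- Constructed calls: the first EXEC stores a row, the second stores nothing
-- because department 999 does not exist, and the third deletes nothing
-- because employee 1001 still refers to department 100.
INSERT INTO Department VALUES (100, 'Sample Department');
EXEC NewEmployee (1001, 'Sample Employee', 100);
EXEC NewEmployee (1002, 'Orphan Attempt', 999);
EXEC DropDepartment (100);
```

A request that fails the check does not raise an error; it completes with zero rows affected, so the calling application has to test the activity count to detect the rejection.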

Resource Access Control

Introduction

This topic introduces the Teradata software tools you can use to enforce access restrictions.

These include:

• User identifiers (user names)

• Channel or LAN identifiers (host, or client identifiers)

• Logon policies

• TDP user security interface

• Client security

User Identifiers

Teradata access control is based on a user identifier. The security administrator can optionally enforce a channel- or LAN-client identifier as well.

A user name is the name defined in a CREATE USER statement. The security administrator must perform one CREATE USER statement for each authorized user in order to establish the user name, define its password, and allocate user disk space.

User names and database names are stored in the DBase table, which resides in the space allocated to a system user named DBC. You can retrieve information about user names from the DBC.DBase table by querying the system view named DBC.Users.

Client Identifiers

Any number of different client types can connect to the Teradata RDBMS server. Each connection must have its own unique client identifier.

Each connection is assigned a unique value that is defined to the Teradata RDBMS using the Config utility. Each defined value is used as a client identifier, or hostid.

Logon Policies

Users must issue a logon request so the Teradata RDBMS can identify the user and establish a session. The logon string must include a user name that has already been established in the system in DBase.

The logon string may also include any combination of the following operands:

• tdpid

• password

• acctid

The following table outlines the meanings of these terms.

Operand     Definition

tdpid       Each copy of the TDP on a given client is assigned a unique tdpid to identify it. The tdpid is a client-based operand and is not transmitted to the Teradata RDBMS.

password    A password authenticates a user request to initiate a Teradata session under the supplied user name. Use the CREATE USER statement to establish a password for a user.

            The default is that the password must appear in the user logon string. The security administrator can establish the ability to log on without a password by setting up the following conditions:

            • There must be a current GRANT LOGON statement containing the WITH NULL PASSWORD option for the user.

            • The TDP security user exit TDPLGUX must acknowledge that the logon string is valid without a password (IBM mainframe clients only).

            The security user exit is expected to authenticate the identity of a user. Because the null password applies only to logging onto the Teradata RDBMS, all other system security measures continue to be enforced.