
Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR

NCR Introduction to the Teradata® RDBMS for UNIX® Version 2 Release 2.1 - NCR, 1998. - 315 p.

acctid: The account id can be used for resource accounting. Each user name may have one or more acctids. The logon processor assigns a default value for the acctid if it detects none in the logon string for a user. The acctid can also contain a priority-level prefix that can be used when interactive users are competing for system resources with long-running batch jobs.

These items are described in more detail in the following pages.


Introduction to the Teradata RDBMS for UNIX
Security and Integrity

Resource Access Control

TDP Security

IBM mainframe clients running either MVS or VM have the option of enforcing security at the TDP level using tdpids.

The TDP provides a user logon exit called TDPLGUX, which you can embed in a user-written routine to process logon requests. Using TDPLGUX, you can reject, accept, provide, or modify any logon request to the Teradata RDBMS.

TDPLGUX also permits users to set any of the following options:

• No logon string (implicit logon)
• A user id for which the user routine provides a password
• A user id that can be validated as not requiring a password

TDPLGUX can be used by itself or in conjunction with any security package such as:

• RACF
• CA-ACF2
• CA-TOP SECRET

Password Security

Besides the existence of passwords, you can also use a number of add-on features to enhance Teradata RDBMS security.

The following table lists and describes these features.

| Password Feature | Description |
|---|---|
| Expiration | Defines a time span during which the password is valid. After that duration, the user must change passwords. |
| Number of characters/digits/special characters | Restricts the number of characters, digits, or special characters permitted in a password. |
| Maximum logon attempts | Defines the sequential number of erroneous logon attempts permitted before locking the user from further attempts. |
| Lockout time | Sets the time duration of the user lock after the user has exceeded the maximum number of erroneous logon attempts. |
| Reuse | Defines the time span that must elapse before a previously used password can be reassigned to the same user. |

Password features for the Teradata RDBMS are stored in the DBC.SysSecDefaults table in the Data Dictionary.


DBC.SysSecDefaults

The DBC.SysSecDefaults table stores password information for the Teradata RDBMS.

Any of the following cause errors if you attempt to perform them:

• Specify a negative value in:
    • ExpirePassword
    • MaxLogonAttempts
    • LockedUserExpire
    • PasswordReuse

• Specify a value for PasswordMaxChar that is less than the value for PasswordMinChar.

• Type a character other than Y or N in one of these columns:
    • PasswordDigits
    • PasswordSpecChar

Any of these events causes the Teradata RDBMS to generate an error message for the event log during startup and replace the value with the system default for the corresponding column.


The following table lists and describes the columns in DBC.SysSecDefaults.

| Column Name | Description |
|---|---|
| ExpirePassword | Number of days to elapse before the password expires. 0 indicates no expiration. |
| PasswordMinChar | Minimum number of characters in a valid password. |
| PasswordMaxChar | Maximum number of characters in a valid password. PasswordMaxChar must be equal to or greater than PasswordMinChar. |
| PasswordDigits | Indicates if digits are allowed in a password. Y = allow digits (except as first character); N = do not allow digits. |
| PasswordSpecChar | Indicates if special characters are allowed in a password. Y = allow special characters; N = do not allow special characters. |
| MaxLogonAttempts | Number of erroneous logons allowed before locking the user. 0 indicates no locks. |
| LockedUserExpire | Number of minutes to elapse before unlocking a locked user. 0 indicates immediate unlock. |
| PasswordReuse | Number of days to elapse before a user can reuse a password. 0 indicates immediate reuse. |
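
The startup checks and column meanings described above, written out as a pre-flight validator for a proposed DBC.SysSecDefaults row. This is an added example in Python, not code from NCR or from the manual; it reports which values would be rejected and reset, and which valid values leave a control switched off. The system defaults are placeholders because the page does not list them, and check_row, PROPOSED and the other names are illustrative.

```python
# Added example: pre-flight check of a proposed DBC.SysSecDefaults row.
# Column names and rules are from the page. SYSTEM_DEFAULTS holds assumed
# placeholder values: the page does not list the real system defaults.
SYSTEM_DEFAULTS = {
    "ExpirePassword": 0, "PasswordMinChar": 1, "PasswordMaxChar": 30,
    "PasswordDigits": "Y", "PasswordSpecChar": "Y",
    "MaxLogonAttempts": 0, "LockedUserExpire": 0, "PasswordReuse": 0,
}
NON_NEGATIVE = ("ExpirePassword", "MaxLogonAttempts",
                "LockedUserExpire", "PasswordReuse")
YES_NO = ("PasswordDigits", "PasswordSpecChar")
# Columns where 0 switches the control off, per the column descriptions.
ZERO_DISABLES = {
    "ExpirePassword": "passwords never expire",
    "MaxLogonAttempts": "users are never locked after failed logons",
    "LockedUserExpire": "a locked user is unlocked immediately",
    "PasswordReuse": "a previous password can be reused immediately",
}


def check_row(row):
    """Return (effective_row, errors, warnings) for a proposed row."""
    # errors: values that are rejected at startup and reset to the default.
    # warnings: values in the effective row that leave a control disabled.
    effective, errors, warnings = dict(row), [], []
    for col in NON_NEGATIVE:
        if row[col] < 0:
            errors.append(f"{col}: negative value {row[col]}")
            effective[col] = SYSTEM_DEFAULTS[col]
    if row["PasswordMaxChar"] < row["PasswordMinChar"]:
        # Assumption: PasswordMaxChar is the column that gets reset.
        errors.append("PasswordMaxChar is less than PasswordMinChar")
        effective["PasswordMaxChar"] = SYSTEM_DEFAULTS["PasswordMaxChar"]
    for col in YES_NO:
        if row[col] not in ("Y", "N"):
            errors.append(f"{col}: {row[col]!r} is not Y or N")
            effective[col] = SYSTEM_DEFAULTS[col]
    for col, effect in ZERO_DISABLES.items():
        if effective[col] == 0:
            warnings.append(f"{col}=0: {effect}")
    return effective, errors, warnings


# Constructed sample: a hardening attempt that contains three mistakes.
PROPOSED = {
    "ExpirePassword": 90, "PasswordMinChar": 8, "PasswordMaxChar": 6,
    "PasswordDigits": "X", "PasswordSpecChar": "Y",
    "MaxLogonAttempts": -3, "LockedUserExpire": 30, "PasswordReuse": 180,
}
```

With the placeholder defaults, the rejected MaxLogonAttempts value of -3 ends up as 0, so the effective policy has no lockout even though one was intended.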

Password Encryption

Teradata passwords are encrypted. The encrypted information is stored in the PasswordString field of the DBC.DBase table.


Logon Control Using GRANT and REVOKE LOGON

Controlling Data Access by Granting or Revoking Access

Because of the Teradata Shared Information Architecture, the RDBMS can be connected to multiple clients simultaneously.

The system default is to grant logon permission to all users from all connections. The RDBMS provides tools for restricting logons from specific clients. The statements GRANT LOGON and REVOKE LOGON provide the capability of associating specific user names with specific client (host) ids.

You can grant logons using GRANT LOGON only if the user has already been created in the Teradata RDBMS and the client (host) id corresponds to a value assigned to a LAN or channel connection by the Teradata RDBMS.