Teradata RDBMS Database Administration - NCR

NCR Teradata RDBMS Database Administration - NCR , 2004. - 616 p.


6 - 10 Teradata RDBMS Database Administration

Chapter 6: Controlling Access

Controlling Inherited and Group Privileges

Transferring Privileges

When you give a user to another owner, privileges are not altered. The GIVE statement does not alter DBC.AccessRights.

The database or user that you GIVE does not receive any privileges from its new owner.

The new owner gains only implicit privileges over the transferred object and the old owner loses them. (Inheritance does not apply; see note under "Controlling Inherited and Group Privileges" on page 6-15.)

Transferring ownership affects both the ownership of space and also the administration of privileges.

For more information on how privileges are affected, see Teradata RDBMS Security Administration and the GIVE Statement under "Data Control Language Syntax" in Teradata SQL Reference, Volume 4.

For more information on transferring ownership, see "Changing the Hierarchy with GIVE" on page 1-17 and "Increasing Space by Giving Ownership" on page 3-20.


Controlling Password Security

Controlling System Access

The purpose of security administration on a Teradata RDBMS is to:

Prevent unauthorized persons from accessing RDBMS data and resources.

Permit users to access only those entities you have authorized them to use.

Your role as Database Administrator is enhanced by enforcing good privilege management, security rules, data integrity, and log maintenance. To help ensure data integrity, you can set up a privilege structure that includes the following characteristics:

All users belong to a ROLE and inherit its privileges.

Users do not have direct access to data tables unless they are performing batch operations.

Users directly access databases that contain only views, macros, and/or stored procedures.

Attempts to access data by unauthorized users are automatically checked and prevented at several levels, from client machine to data table.

You can control access to Teradata RDBMS at the following levels:

User logon

Host group logon

Database

Database object (table, view, macro, stored procedure, trigger)

A variety of tools are available to protect your Teradata RDBMS, such as:

IF you want to: control at the user level how long (or indefinitely) to lock out users after a number of failed logons
THEN use: CREATE/MODIFY PROFILE to specify the default attributes for LockedUserExpire and MaxLogonAttempts for all users under this profile.
For more information, see: "Implementing Roles and Profiles" on page 5-12; "Updating the Global Security Defaults" on page 6-22

IF you want to: control at the system level how long (or indefinitely) to lock out users after a number of failed logons
THEN use: UPDATE ... SET against DBC.SecurityDefaults view or DBC.SysSecDefaults table to specify LockedUserExpire and MaxLogonAttempts values for all users with passwords but no profile attributes.
Note: You must have database administrator privileges to update the DBC.SecurityDefaults view and security administrator privileges to update the DBC.SysSecDefaults table.
For more information, see: Teradata RDBMS Security Administration
IF you want to: control logon access to Teradata RDBMS at the:
- User level
- Client group level
THEN use:
- Passwords, verified at logon
- The Security Administration feature, using the GRANT LOGON statement to:
  - Allow certain users to logon with no (NULL) password
  - Associate users with a client group (hostID) for logon verification
For more information, see: "CREATE USER and Logon Security" on page 5-6; "Host Logon Control" on page 6-23; "CREATE USER Statement" in Teradata RDBMS SQL Reference, Volume 4; Teradata RDBMS Security Administration

IF you want to: On Windows 2000:
- Control logon access at the client group level
- Avoid sending passwords over the network
THEN use: On Windows 2000:
- Security features:
  - DBC.LogonRule security macro
  - GRANT LOGON/REVOKE LOGON statements to associate users with a client group (HostID) for logon verification
- SSO feature
For more information, see: "CREATE USER and Logon Security" on page 5-6; Teradata RDBMS Security Administration; "Implementing Single Sign On (SSO) (Windows 2000 Only)" on page 6-25

IF you want to: control user access to data
THEN use: GRANT/REVOKE privilege statements
For more information, see: Teradata RDBMS Security Administration; Teradata RDBMS SQL Reference, Volume 4

IF you want to: control actions and limit access to some parts of data tables
THEN use: views, nested views, macros, and stored procedures
For more information, see: Teradata RDBMS SQL Reference, Volume 1

IF you want to: control object access and query execution
THEN use:
- GRANT and REVOKE privilege statements to allow or prevent access to particular objects by particular users or members of a role.
- Teradata Dynamic Query Manager (DQM) to:
  - Associate an object type with date / time, user privilege, and/or an activity
  - Approve or postpone a query based on current workload
  - Limit size of response rows or time to process
For more information, see: "Implementing Roles and Profiles" on page 5-12; "Scheduling Workloads with Teradata Dynamic Query Manager (TDQM)" on page 15-12
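
The privilege structure described under "Controlling System Access" (roles, view-only access) and the two lockout rows of the table above, put together as an added example; it is not taken from the manual. The databases HR_Tables and HR_Views, the table and view, the role hr_reader, the profile hr_lockout_p, the user jsmith, and all numeric values are hypothetical, and the objects are assumed to exist already. Check the exact statement forms against Teradata RDBMS SQL Reference, Volume 4 for your release.

```sql
-- Added example; every object name and value below is hypothetical.

-- 1. The view database needs SELECT WITH GRANT OPTION on the data-table
--    database so that it can pass read access on through its views.
GRANT SELECT ON HR_Tables TO HR_Views WITH GRANT OPTION;

-- 2. A view that exposes only part of the table (the salary column is omitted).
CREATE VIEW HR_Views.Employee_Dir AS
SELECT emp_id, emp_name, dept_no
FROM HR_Tables.Employee;

-- 3. Privileges are granted to a role, and the role to the user.
--    Nothing is granted to jsmith directly on HR_Tables.
CREATE ROLE hr_reader;
GRANT SELECT ON HR_Views TO hr_reader;
GRANT hr_reader TO jsmith;
MODIFY USER jsmith AS DEFAULT ROLE = hr_reader;

-- 4. User-level lockout: attributes set in a profile apply to every user
--    assigned to it. The lockout period is assumed to be in minutes;
--    confirm the unit in Teradata RDBMS Security Administration.
CREATE PROFILE hr_lockout_p AS
  PASSWORD = (MAXLOGONATTEMPTS = 3, LOCKEDUSEREXPIRE = 30);
MODIFY USER jsmith AS PROFILE = hr_lockout_p;

-- 5. System-level defaults for users with passwords but no profile attributes.
UPDATE DBC.SecurityDefaults
SET MaxLogonAttempts = 5, LockedUserExpire = 60;

-- 6. Check: the user should hold no explicit rights on the data-table
--    database. The expected result is zero rows.
SELECT UserName, DatabaseName, TableName, AccessRight
FROM DBC.AllRights
WHERE UserName = 'jsmith'
  AND DatabaseName = 'HR_Tables';

-- 7. Check: confirm the system-level lockout values now in force.
SELECT MaxLogonAttempts, LockedUserExpire
FROM DBC.SecurityDefaults;
```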