in black and white
Main menu
Share a book About us Home
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics

Teradata RDBMS Database Administration - NCR

NCR Teradata RDBMS Database Administration - NCR , 2004. - 616 p.
Download (direct link): teradatadatabaseadmin2004.pdf
Previous << 1 .. 84 85 86 87 88 89 < 90 > 91 92 93 94 95 96 .. 218 >> Next

audit attempts to access objects or create or drop roles or profiles DBQL to track objects targeted during the session of a user defined for query logging Security features: - DBC.LogonRule macro - BEGIN LOGGING and END LOGGING statements to establish rules for checking and recording access attempts based on profile, user, object, and / or activity "DBQLObjTbl" on page 14-10 "Implementing Roles and Profiles" on page 5-12 Teradata RDBMS Security Administration

6 - 18

Teradata RDBMS Database Administration 6 - 17 Chapter 6: Controlling Access

Controlling Password Security

IF you want to . THEN use . For more information, see .
audit logon activity DBC.LogonRules view (if Security Administrator feature is implemented) DBC.LogOnOff view TDQM "Session-Related Views" on page 6-30 "Scheduling Workloads with Teradata Dynamic Query Manager (TDQM)" on page 15-12 "Tracking Processing Behavior with the Database Query Log (DBQL)" on page 14-1 Teradata Dynamic Query Manager Administrator Guide Teradata RDBMS Security Administration Teradata RDBMS Data Dictionary
audit session activity DBC.SessionInfo view DBC.LogOnOff view DBQL TDQM DBC.SW_Event_Log, DBC.EventLog view

Teradata RDBMS Database Administration

6 - 17 Chapter 6: Controlling Access

Controlling Password Security

Controlling Password Security

This section discusses:

Password use and encryption

Controlling password defaults

Using Teradata Director Program (TDP) Exits

Securing Access with Passwords

To establish a session on the Teradata system, a user must enter a username at logon. Upon successful logon, the username is associated with a unique session number until the user logs off.

Although the username is the basis for identification to the system, it is not usually protected information. Often the username is openly displayed during interactive logon, on printer listings, and when session information is queried.

To protect database access, associate a password with the username. The parser does not accept a CREATE USER statement without a password (although under certain conditions you can immediately modify the user for a null password, as explained in "CREATE USER and Logon Security" on page 5-6). Passwords provide much tighter security because Teradata does not display or print passwords on listings, terminals, or PC screens.

Warning: Neither you nor other users should ever write down passwords or share them among other users.

Creating a Password

When you create a new user, you also create a temporary password for the user. When the user logs on for the first time, he or she is prompted to change the password.

If a user forgets their password, or you set a maximum for erroneous logon attempts and a valid user becomes locked out (see "Updating the Global Security Defaults" on page 6-22), submit a MODIFY USER or MODIFY PROFILE statement with the RELEASE PASSWORD LOCK option. You can assign a new temporary password, which the user can change during the session.

Warning: Do not lose the password for user DBC, because user DBC could be locked out (if you set the MaxLogonAttempts attribute), and only user DBC can modify user DBC! (If this happens, the only way DBC can log on is through the TSTSQL console. Contact the TSC for instructions on how to do this.)

6 - 20

Teradata RDBMS Database Administration 6 - 17 Chapter 6: Controlling Access

Controlling Password Security

Tracking Changes to Passwords

A user can modify his or her password without special privileges. The |

DBC.DBase table stores the date and time a password is changed by a user.

Query the DBC.Users view, selecting columns PasswordLastModDate and PasswordLastModTime, to see the latest activities against passwords.

Customizing Your Password Controls

You can specify your preferences for the following:

Number of days before passwords expire

Amount of time to elapse before an expired password can be reused

Minimum and maximum length of a password string

Disallowed digits and/or special characters in a password string

Number of erroneous logon attempts before a user is locked out

Amount of time to elapse before unlocking a user

The initial defaults are as follows:

Do not expire passwords

Allow from 1-30 characters that can include digits and special characters

Allow unlimited logon attempts

Do not lock out a user on an erroneous password

Allow immediate password reuse

A row in the DBC.SysSecDefaults system table controls password attributes at the global level. This single row defines all the default password control parameters.

These parameters are set at the system level. They apply to all users, with the following exceptions:

a user was created with a NULL password the user is not affected by password settings.
a user belongs to a profile the profile specification takes precedence; if NULL, the value in SysSecDefaults takes precedence.
Previous << 1 .. 84 85 86 87 88 89 < 90 > 91 92 93 94 95 96 .. 218 >> Next