Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

Teradata RDBMS Database Administration - NCR

NCR Teradata RDBMS Database Administration - NCR , 2004. - 616 p.
Download (direct link): teradatadatabaseadmin2004.pdf
Previous << 1 .. 87 88 89 90 91 92 < 93 > 94 95 96 97 98 99 .. 218 >> Next

cannot guarantee that every username will always be unique across all domains a Must assign host (domain) names to network client groups, and associate the appropriate users with each domain. (For instructions, see "Logon Control" in Teradata RDBMS Security Administration.) b Must append a domain name to each new user name with an @ sign. Enclose the string in straight quotes as in "username@domainname". For example: CREATE USER "Bob@esdev3" AS PERM=1000, PASSWORD=Bob3 ;GRANT LOGON ON ALL TO "Bob@esdev3" WITH NULLPASSWORD;

6 - 26

Teradata RDBMS Database Administration 6 - 17 Chapter 6: Controlling Access

Controlling Password Security

Action

If you plan to use domains and have existing users whose names must be converted, follow the procedure below. This procedure converts your Teradata RDBMS users from the form username to the form "username@domainname".

6

Step Action
a Recreate every existing username to the form "username@domainname", where domainname is the client group name you associated with this user in step 5. Follow each CREATE statement with a GRANT LOGON ... WITH NULL PASSWORD statement. Define a separate CREATE/GRANT transaction for each username. For example: CREATE USER "origusr2@esdev3" AS PERM=1000, PASSWORD=abcd2 ;GRANT LOGON ON ALL TO "origusr2@esdev3" WITH NULL PASSWORD; CREATE USER "origusr3@tsdev3" AS PERM=1000, PASSWORD=efgh3 ;GRANT LOGON ON ALL TO "origusr3@tsdev3" WITH NULL PASSWORD;
b Use GIVE to transfer from each original user to his or her new name the default database and all the objects below it in the hierarchy, as well as all the PERM space allocated to it: GIVE origusr2 TO "origusr2@esdev3"; GIVE origusr3 TO "origusr3@tsdev3";
c Drop the old user. DROP USER origusr2; DROP USER origusr3;

I

7 Log off and quit your session.
8 To enable SSO in the DBS Control Record (DBSCONTROLGDO), start the Teradata RDBMS Database Window and select the Supervr (Supervisor Window) icon.
9 In the Enter a command subwindow of the Supervisor window, start the DBS Control utility: start dbscontrol The Supervisor window displays: Started 'DBSCONTROL' in window n. where the number represents the application window in which DBS Control is running. Note: For details on the Database and Supervisor windows, see Teradata RDBMS Database Window.
10 Set the sso field to either ON (both legacy and SSO logons allowed) or ONLY (only SSO logons allowed): set sso [on/only] Warning: A DBSCONTROLGDO setting of SS_ONLY or SS_OFF overrides any Gateway setting.
11 To enable SSO in the Gateway (GTWCONTROLGDO), start the Teradata Command Prompt window.

Teradata RDBMS Database Administration

6 - 17 Chapter 6: Controlling Access

Controlling Password Security

Step Action

12 At the Teradata command prompt, use the gtwcontrol -d command to query the state of the Gateway Control GDO fields.

13 Use the gtwcontrol command to control the state of the Single Sign-On Authentication field as follows:

IF you . THEN .
do not use domain names include only the -a on/only option. For example: gtwcontrol -a on
use domain names Include both the -g hostid and the -a on/only options, where hostid is the domainname of a client group you created in step 5. For example: gtwcontrol -g esdev3 -a on Enter one gtwcontrol command string for each domain you created.

14 Use the gtwcontrol command with the -F option to toggle the state of the Append Domain Name field, as follows:

IF your installation . THEN .
is not set up with domain names the Append Domain Name value must be no. Note: In this case, a userID with the form "username@domainname" will not be authenticated.
uses domain names as "username@domainname" the Append Domain Name value must be yes. Note: In this case, a userID with the form username will not be authenticated.

Documentation References

IF you want more information on . THEN see .
the TDP and programming TDP logon and security exits "TDP Functionality" on page A-26 Teradata Director Program Reference Teradata Transparency Series/Application Programming Interface User Guide
SSO (Windows 2000 only) "Single Sign On" under "Security and Integrity" in Introduction to Teradata RDBMS "CREATE USER and Logon Security" on page 5-6 "Diagnosing SSO Logon Errors (Windows 2000 only)" on page l2-l4
the role of the security administrator and how to implement a SecAdmin user Teradata RDBMS Security Administration

6 - 28

Teradata RDBMS Database Administration 6 - 17 Chapter 6: Controlling Access

Controlling Password Security

IF you want more information on . THEN see .
using REVOKE LOGON and GRANT LOGON statements "Logging Access Attempts" on page 6-45 Teradata RDBMS Security Administration "SQL Data Control Language Statements" in Teradata RDBMS SQL Reference, Volume 4
using BEGIN LOGGING and END LOGGING statements
running the DBS Control utility Teradata RDBMS Utilities
running the Gateway Control utility
running the DIP utility
Previous << 1 .. 87 88 89 90 91 92 < 93 > 94 95 96 97 98 99 .. 218 >> Next