SECURE ZONES ADMINISTRATION IN TERADATA

Share via:
SECURE ZONES ADMINISTRATION IN TERADATA

Dear Readers.

In this article ,we will see SECURE ZONES ADMINISTRATION IN TERADATA

A “Secure Zone” on a Teradata system typically contains multiple databases and users under a single database or user (referred to as the ‘root’ of that zone). The users defined in a zone can only access data in tables/views that are also set in that zone.

Where a Teradata system has multiple “secure zones”, perhaps named ‘UK’ and ‘EU,’ then users in the ‘UK’ zone cannot see data in the ‘EU’ zone and vice-versa. All of this could be achieved quite simply using standard Teradata Access Rights.

The difference that “Secure Zones” provides is that users in the ’UK’ zone don’t know that the ‘EU’ zone objects even exist

Administration

Secure zones allow you to create one or more exclusive database hierarchies, called zones, within a single Teradata Database system. Access to the data in each zone and the database administration is handled separately from the Teradata Database system and from other zones. Secure zones are useful in situations where the access to data must be tightly controlled and restricted. You can also use secure zones to support some regulatory compliance requirements for the separation of data access from database administration duties.

You can use Teradata Studio to administer secure zones, including creating and dropping zones, and managing zone and guest users.

Secure zones are supported on Teradata Database 15.10 or later.

Listing Secure Zones

You can view a list of secure zones that are set up on a Teradata Database system in the Object List Viewer. From this view, you can administer the secure zones and zone users. The list varies depending on your permissions.

  • In the Navigator pane, expand the desired Teradata Database system name.
  • Right-click Secure Zones and select Show Secure Zones. Existing secure zones that you have permissions to view are listed in the Object List Viewer.
  • [Optional] Filter the results using the Filters view.

Creating a Secure Zone

You can create secure zones on Teradata Database 15.10 or later.

  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • In the upper right corner of the Object List Viewer, click . The Create Secure Zone pane appears.
  • Fill out the desired information in the tabs.
  • [Optional] Click SQL to review the generated SQL statements.
  • Click Commit. A new secure zone is created.

Dropping a Secure Zone

  • If you no longer need a secure zone, you can drop, or delete, it. Before you drop it, remove any users from the zone.
  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • Remove all users from the secure zone you want to drop.
  • In the Object List Viewer, select the row listing for the secure zone you want to drop.
  • Right-click and select Drop Secure Zone, and click OK to confirm. The secure zone is deleted from the Teradata Database.

Modifying a Secure Zone

  • You can modify the root of an existing secure zone. Note that changing the zone root changes the entire dynamic of the secure zone.
  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • On the desired row, right-click and select Modify Secure Zone. The Modify Zone pane appears.
  • Edit the settings
  • [Optional] Click SQL to review the generated SQL statements.
  • Click Commit. The secure zone settings are updated.

Adding Users to a Secure Zone

A zone user is a permanent database user with privileges in a zone. The first user added to a secure zone automatically becomes the primary zone DBA. Only the primary zone DBA can create further users.

  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • On the desired row, right-click and select Add/Drop Secure Zone Users. The Add/Drop Users tab appears.
  • Click Users in Zone.
  • Expand the Users tree and right-click the name of the database or user, select Create Zone User and click OK to open the Create User Form.
  • Fill out the desired information in the tabs.
  • [Optional] Click SQL to review the generated SQL statements.
  • Click Commit. A new zone user is created and added to the secure zone, and the user information appears.
  • [Optional] To refresh the Users tree with the newly added zone user, do the following:
  • In the Add/Drop Users tab, under Users in Zone, right-click Users in the tree.
  • Click Refresh. The Users tree includes the user you added.

Removing Users from a Secure Zone

  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • On the desired row, right-click and select Add/Drop Secure Zone Users.
  • Click Users in Zone. The user tree appears.
  • Right-click the name of the database or user, select Drop Zone User and click OK.
  • Click Commit. The zone user is removed from the secure zone.

Adding Zone Guests to a Secure Zone

Zone guests are roles or users that are located outside of the zone, but are granted privileges to create and access objects in the zone where they are guests.

  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • On the desired row, right-click and select Add/Drop Secure Zone Users.
  • Click Users in Zone. The user tree appears.
  • Right-click Users and select Add/Remove Zone Guests. The Choose Zone Guests dialog appears, listing all database users.
  • Select guests by users or roles, and use the arrow buttons to add them to the Zone Guests list.
  • Click OK.
  • [Optional] Click SQL to review the generated SQL statements.
  • Click Commit. New zone guest users are granted privileges, and a list of current users appears.

Removing Zone Guests From a Secure Zone

  • List existing secure zones for the desired Teradata Database in the Object List Viewer.
  • On the desired row, right-click and select Add/Drop Secure Zone Users.
  • Click Users in Zone. The user tree appears.
  • Right-click Users and select Add/Remove Zone Guests. The Choose Zone Guests dialog appears.
  • Select guests in the Zone Guests list and use the arrow buttons to remove them from the list.
  • Click OK.
  • Click Commit.

 

 

Thank you for giving your valuable time to read the above information.
Follow us on 
Website  www.ktexperts.com
Facebook Page KTExperts Facebook
Linkedin Page : KT EXPERTS Linkedin

 

Share via:
Note: Please test scripts in Non Prod before trying in Production.
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Add Comment