Home Page for the TeradataForum
 
https:

Archives of the TeradataForum

Message Posted: Fri, 28 Jan 2005 @ 21:28:18 GMT


     
  <Prev Next>   <<First <Prev Next> Last>>  


Subj:   Re: Maximum Limits of Users in Warehouse
 
From:   Hough, David A

Security people (and Sarbanes-Oxley) *hate* shared userids because you can't associate questionable activity on a userid with a specific person. When people were hard-wired to the network you could sometimes backtrack to the IP address, but with DHCP and VPNs this is becoming much more difficult. The most palatable solution is two tiered access which is only marginally available on the Teradata.

For the two tier approach to work, each person must have a userid which has login rights but no object access rights. Once logged in on the system, the user issues a secondary login command to associate themselves with a group userid to do their work. The group userid is blocked from external access, i.e. you can't login on that userid.

I suppose that it's possible to make this work using default and secondary roles, as long as you give everyone their own userid. A change of default database might work if all the access code (views, macros, procedures) lived in the new database.


/dave



     
  <Prev Next>   <<First <Prev Next> Last>>  
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 28 Jun 2020