 |
 |
Archives of the TeradataForum
Message Posted: Fri, 28 Jan 2005 @ 21:28:18 GMT
| Subj: | | Re: Maximum Limits of Users in Warehouse |
| |
| From: | | Hough, David A |
Security people (and Sarbanes-Oxley) *hate* shared userids because you can't associate questionable activity on a userid with a specific
person. When people were hard-wired to the network you could sometimes backtrack to the IP address, but with DHCP and VPNs this is becoming much
more difficult. The most palatable solution is two tiered access which is only marginally available on the Teradata.
For the two tier approach to work, each person must have a userid which has login rights but no object access rights. Once logged in on the
system, the user issues a secondary login command to associate themselves with a group userid to do their work. The group userid is blocked from
external access, i.e. you can't login on that userid.
I suppose that it's possible to make this work using default and secondary roles, as long as you give everyone their own userid. A change of
default database might work if all the access code (views, macros, procedures) lived in the new database.
/dave
| |
