Archives of the TeradataForum
Message Posted: Fri, 28 Jan 2005 @ 21:28:18 GMT
Security people (and Sarbanes-Oxley) *hate* shared userids because you can't associate questionable activity on a userid with a specific person. When people were hard-wired to the network you could sometimes backtrack to the IP address, but with DHCP and VPNs this is becoming much more difficult. The most palatable solution is two tiered access which is only marginally available on the Teradata.
For the two tier approach to work, each person must have a userid which has login rights but no object access rights. Once logged in on the system, the user issues a secondary login command to associate themselves with a group userid to do their work. The group userid is blocked from external access, i.e. you can't login on that userid.
I suppose that it's possible to make this work using default and secondary roles, as long as you give everyone their own userid. A change of default database might work if all the access code (views, macros, procedures) lived in the new database.
|Copyright 2016 - All Rights Reserved|
|Last Modified: 28 Jun 2020|