Book a demo

Register a Teradata Connection

Public preview: This feature is available to select accounts. Contact your Immuta representative to enable this feature.

Requirement

  • Teradata VantageCloud or Teradata VantageCore

Permissions

The user registering the connection must have the permissions below.

  • APPLICATION_ADMIN Immuta permission

  • The Teradata user registering the connection must have the following privilege: DBADMIN

Create the database user

  1. Create a new user in Teradata to serve as the Immuta system account. Immuta will use this system account continuously to crawl the connection.

  2. Grant this account the following Teradata privileges:

    1. SELECT on the DBC database

    2. CREATE ROLE

    3. DROP ROLE

    4. SELECT WITH ADMIN OPTION on all Teradata views that Immuta should manage permissions to

Register a Teradata connection

  1. In your Teradata environment, create an Immuta database that Immuta can use to connect to your Teradata instance to register the connection and maintain state with Teradata.

    Having this separate database for Immuta prevents custom ETL processes or jobs deleting the database you use to register the connection, which would break the connection.

  2. In Immuta, click Data and select Connections in the navigation menu.

  3. Click the + Add Connection button.

  4. Select the Teradata tile.

  5. Enter the host connection information:

    1. Display Name: This is the name of your new connection. This name will be used in the API (connectionKey), in data source names from the host, and on the connections page.

    2. Hostname: Your Teradata host (e.g., your-host.env.teradata.com )

    3. Port: Port configured for Teradata.

    4. Database: The Teradata database you created for Immuta. All databases in the host will be registered.

    5. SSL Mode: Use the dropdown to select your SSL mode.

    6. SSL Protocol: Based on your SSL mode selection, also select the protocol.

  6. Select the authentication method from the dropdown:

    1. Username and Password or LDAP: Enter the username and password of the Teradata user you created above.

    2. OAuth: Enter the authentication details of the Teradata user you created above.

      1. Fill out the Client ID, which is the subject of the generated token. It is also known as sub (subject).

      2. Fill out the Client Secret.

      3. Fill out the Authority URL of your identity provider.

      4. Enter the Scope to limit the operations and roles allowed in Teradata by the access token. See the OAuth 2.0 documentation for details about scopes.

  7. Click Save connection.

Map users

Requirement: USER_ADMIN Immuta permission

Map Teradata usernames to each Immuta user account to ensure Immuta properly enforces policies.

The instructions below illustrate how to do this for individual users, but you can also configure user mapping in your IAM connection on the app settings page.

  1. Click People and select Users in the navigation menu.

  2. Click the user's name to navigate to their page and scroll to the External User Mapping section.

  3. Click Edit in the Teradata User row.

  4. Select the User Type from the dropdown:

    1. Teradata Username: Enter the user's Teradata username.

    2. Unset (fallback to Immuta username): When selecting this option, the Teradata username is assumed to be the same as the Immuta username.

    3. None (user does not exist in Teradata): When selecting this option,

  5. Click Save.

PreviousGetting Started with TeradataNextReference Guides

Last updated

Was this helpful?