About User Administration
Management of dynamic domain users is mostly passive as far as TDV is concerned. Data sources enabled with a pass-through login must be configured to authenticate the user and to authorize access to data.
Initial login of a dynamic domain user with a JDBC, ODBC, or Web services client creates a new user profile on TDV. The new user is assigned an ID and can be treated like a normal user who has been cautioned not to expose sensitive resources. Dynamic domain users do not have a home directory; hence, they cannot create or own resources.
Considerations and Precautions
• Assigning resource privileges to any dynamic user exposes that resource to potential public access by any client using that user name. In sensitive environments, dynamic users and the dynamic all group should only be given privileges to access public resources, while data sources enabled with pass-through login can independently authenticate and authorize dynamic users to gain access to secured data.
• Individual users in the dynamic domain can be deleted, but the all group and the dynamic domain cannot be deleted.
• Deleting a dynamic user does not prevent that user name from being used to log in again.
• The password for a dynamic domain user does not persist across sessions for logging purposes, but the password used for the current session is kept in memory and is passed when a request is made to data sources that have the pass-through option enabled.
• The ODBC manager may truncate the password at 14 characters.