About Pass-Through Login
Simple implementations of pass-through do not support multiple pass-through passwords for a single user. Each user session may use only one user sign-in and password to create new connections that have data sources enabled with pass-through login. If pass-through login is enabled on multiple data sources, connection authorization must be based on a single user login-password pair for each user, or the connection to the data source fails for federated queries.
TDV Server and JDBC clients can support pass-through login for multiple data sources, but the data source credentials passed from the end-user JDBC client must be set explicitly for those data sources. See “Setting Pass-Through Credentials for JDBC Clients” in the TDV Client Interfaces Guide. The JDBC setDataSourceCredentials method is used to register the data source pass-through credentials for each data source to be so used.
Each client making a request for data from pass-through-enabled data sources has to establish a connection, which requires significant processing time.
In pass-through mode:
• If you save the password, you can introspect without resupplying the password.
• You can perform the following operations even if you did not save the password:
— Query, update, insert and delete operations (but you need to resupply the original login credentials for the current session).
— Reintrospect, add, or remove data source resources. You are prompted to resupply the password that was used when the data source was originally introspected.
• You cannot perform the following operations if you do not save the password:
— Schedule reintrospection
— Gather statistics using the query optimizer
— Perform scheduled automated cache updates
Note: Pass-through authentication is not allowed for TDV-built system-level accounts.
When using scheduled cache refreshes, you must specify a login-password pair in the data source, and the pair must be the same for the resource owner (or creator) who is accessing TDV and the target data source. If this is not the case, the cache refresh fails.
If a view uses a data source that was added to TDV Server using pass-through mode, and the password has not been saved, row-based security may affect the cache refresh. For example, a cached view named CachedCommonView uses the SQL statement SELECT * FROM db2.T1; user John is allowed to view only 10 rows; user Jane is allowed to scan 20 rows. Whenever Jane refreshes the view cache, both Jane and John are able to view 20 rows, but whenever John refreshes the view, Jane can view only 10 rows.
The operations you can and cannot perform in pass-through mode depend on if Save Password is checked as follows:
Save password? | Operations you can perform | Operations you cannot perform |
Yes | Introspection. You do not have to re-supply the password. | N/A |
No | • Query/update/insert/delete operations. You need to resupply the original login credentials for the current session. • Reintrospection, Add/Remove data source resources. You will be prompted to resupply the password that was used when the data source was originally introspected. | • Schedule reintrospection. • Statistics gathering, using the query optimizer. |