Revoke access based on user and app


Revoke access based on user and app

Hello all,

im sure there are many peie who have been tasked with curbing the abilities of "shadow IT" to build their own automated processes. I have been given the same task. I was wondering if there was a way (preferably via a dynamic TASM action) to revoke logins from a user based on app I'd. Let me give you an example.  I want to build something that completely revokes a user'a ability to query Teradata unless they log on via micro strategy.  We have many users who use many different applications to manipulate and extract data from Teradata. My leaderships desire is that once they cross a certain CPU (and later other metric based) threshold, the only way the can access the edw is via sanctioned micro strategy reports.

to summarize, is it possible to revoke logons for a user except when they logon via a specific application / IP address.



Re: Revoke access based on user and app


TASM will handle this via throttle , include in request source apps you don't want users to use.

For instance if you don't want User A to submit requests from SQLA, include both in request source with state specific settings of 0.

The user will get message [3151] TDWM Throttle violation for Conncurrent Queries... when they try to logon using SQLA.

You can add specific targets/characteristics also.