Configuring Policy-Related Properties for a Global Security Policy - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

To configure a global security policy, you must add a Policy element after the Canonicalizations section in the LdapConfig section of the TdgssUserConfigFile.xml, and add the necessary attributes and values.

A global policy can contain the following attributes.

Attribute Name Required Description
Ref Yes The service (directory) that contains the global policy.
LdapPolicyFQDN Yes The FQDN of the policy container in the directory that contains the global policy structure.
LdapNetworkBaseFQDN No Locates the container for ipNetwork entries.

If LdapNetworkBaseFQDN is not provided, the system uses the value in the LdapBaseFQDN attribute for the containing service.

If no value is present for either LdapBaseFQDN or LdapNetworkBaseFQDN, the system does not use the client IP address for determining the applicable QOP policy or options.

For example:

<LdapConfig>

   <Tls ... />
   <Services>
   ...
   <Services>
   <Canonicalizations>
   ...
   </Canonicalizations>
   <Policy
      Ref="globalpolicysvc"
      LdapPolicyFQDN="?"
      LdapNetworkBaseFQDN="dc=domain,dc=com"/>
   </Policy>
</LdapConfig>