17.10 - Implementation Process for Directory-Based IP Restrictions - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)
  1. Review the concepts in Designing Directory-Based IP Restrictions.
  2. Review the About Standard Teradata Schema Objects in IP Restrictions, About Special IP Filter Schema Objects in IP Restrictions, and Working with IP Filter Attributes that you must use to define directory-based IP restrictions.
  3. Create IP filter containers and IP filter objects in the directory, listing the database users (tdatUser objects) that are affected in the tdatIPFilterMember attributes for each filter. See Creating IP Filters Containers and Inserting IP Filters.
    Directory-based IP restrictions initially apply only to tdatUser objects, which are directory representations of users defined in the database. To apply IP restrictions to directory users, you must map the directory users to the tdatUser objects affected by the filters. See Applying IPFilters to Directory Users.
  4. Save the IP restriction-related objects and mappings in the directory.
  5. Test the restrictions. See Testing Directory-Based IP Restrictions.
  6. After you complete testing and any necessary revisions, implement the restrictions in the database GDO. See Enabling Directory-Based IP Restrictions with the ipdir2bin Utility.
  7. Use tpareset to restart the database to enable the directory-based restrictions.
    You only need to restart the database for the initial implementation of IP restrictions. Subsequent changes to the restrictions do not require a restart.