17.10 - Example: Primary Element Processing - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

The Teradata Vantage gateway processes the primary filter element first and defines the rule the filter uses to evaluate incoming IP addresses. The primary element specifies a range of IP addresses.

  • In a restrictive filter, the allow element is the primary. Suppose the allow element allows the following range of IP addresses:
    <allow ip="141.206.35.0/

    Note that the allow element contains a zero for the last segment rather than specifying each allowed address within the subnet.

    If you specify this value for the element, it indicates that the filter allows any IP address in the 141.206.35 subnet, possibly a department within a large company.

  • A user attempts to access the database from the incoming IP address:
    141.206.35.175
  • The allow element includes the following mask, which it uses to test an incoming IP:
    255.255.255.0"/>

    The allow element mask has a zero in the fourth segment, so it tests only the first three segments of any incoming IP address. Since the first three segments of the mask have values of 255, the corresponding segments of the allow element and incoming IP address must match exactly to allow the logon. The first three segments match, so the logon succeeds.

    The allow element achieves the same restriction if you express the mask as 24"/>.

Filtering is not complete at this point if the filter also contains a deny element, which the gateway must also consider.
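
The allow-element test walked through above, as an added Python example that is not Teradata's gateway code: it parses the allow element from this page in both mask forms and compares only the bits the mask selects. The function names are hypothetical, and treating the mask as a bitwise AND is an assumption that agrees with the 255 and 0 segments described here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The allow element from this page, in its dotted-mask and prefix-length forms.
DOTTED = '<allow ip="141.206.35.0/255.255.255.0"/>'
PREFIX = '<allow ip="141.206.35.0/24"/>'


def parse_allow(element_xml):
    """Return (address, mask) as 32-bit integers from <allow ip="addr/mask"/>."""
    elem = ET.fromstring(element_xml)
    if elem.tag != "allow":
        raise ValueError("expected an <allow> element")
    addr_text, _, mask_text = elem.attrib["ip"].partition("/")
    addr = int(ipaddress.IPv4Address(addr_text))
    if mask_text.isdigit():
        # Prefix-length form (24): the leading 24 bits are tested.
        bits = int(mask_text)
        if not 0 <= bits <= 32:
            raise ValueError("prefix length out of range")
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    else:
        # Dotted form (255.255.255.0): a 255 segment is tested, a 0 segment is not.
        mask = int(ipaddress.IPv4Address(mask_text))
    return addr, mask


def allows(element_xml, incoming_ip):
    """True when the incoming address matches the element on every masked bit."""
    addr, mask = parse_allow(element_xml)
    incoming = int(ipaddress.IPv4Address(incoming_ip))
    return (incoming & mask) == (addr & mask)


if __name__ == "__main__":
    # Constructed inputs: the page's incoming address plus one outside the subnet.
    for ip in ("141.206.35.175", "141.206.36.175"):
        print(ip, "dotted:", allows(DOTTED, ip), "prefix:", allows(PREFIX, ip))
```

This covers the primary allow element only; a deny element in the same filter still has to be evaluated before the logon decision is final.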