17.10 - Removing All IP Restrictions in an Emergency - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

In the event of an error in the IP restrictions that creates serious system problems, for example, restricting logons for all users (including user DBC), you can remove all IP restrictions immediately. If you follow the test procedure shown in Testing XML-Based IP Restrictions or Testing Directory-Based IP Restrictions, this emergency procedure should never be necessary.

  1. Save a backup copy of the current GDO file for possible use in diagnostics:
    cp /etc/opt/teradata/tdconfig/ipfilter.gdo  /etc/opt/teradata/tdconfig/ipfilter.gdo.save
  2. Disable IP filters by replacing the existing GDO file with the blank.xml file:
    /opt/teradata/tdgss/bin/ipxml2bin -G /etc/ipfilter.xml
    A tpareset is not required.
  3. Once you edit the IP restrictions to fix the problems, you can test and enable the revised restrictions.
    See one of the following, depending your restriction implementation: