17.10 - About Permissive Filters - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

A permissive filter without a deny element permits logons from all IPs regardless of which IPs are explicitly allowed by the allow element. You can use permissive filter deny elements to define denied IPs for a list of users, and then optionally use an allow element to enable some IPs within the denied range.

The Teradata Vantage gateway first processes permissive filter deny elements, and then processes the allow elements. As a result, the gateway denies any IP address listed in the deny element unless it also appears in an allow element, in which case the gateway allows the IP to access the database.