Enabling XML-Based IP Restrictions | Teradata Vantage - 17.10 - Enabling XML-Based IP Restrictions with the ipxml2bin Utility - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

You must run the ipxml2bin utility to transfer the saved restrictions to the GDO. The utility looks for the file in the /opt/teradata/tdat/tdgss/site directory.

Syntax

ipxml2bin {-f output_file_name | -G } input_file_name

Syntax Elements

-f output_file_name
[Deprecated] An alternate file location for the ipxml2bin output, for use when testing the restrictions before committing them to the IP GDO.
-G
Causes the output to be written to the IPFILTER GDO.
input_file_name
The saved IP XML document file.

Procedure

  1. From the /site directory on the lowest numbered Vantage node, run the ipxml2bin utility to commit IP restrictions to the GDO.
    $ ipxml2bin -G input_file_name 
    Parse successful
    784 bytes written to the ipfilter GDO.

    The command populates the GDO and distributes it to all database nodes.

  2. Check for errors.

    XML errors that indicate syntax errors in the IP XML document.

    Non-XML errors, for example:
    • GDO support not available

      The user specified the -G utility option on a system where PDE is not installed.

    • GDO size limit exceeded; need #, limit #.

      The data in the XML file exceeds the GDO size limit (128K bytes). You must either reduce the amount of data in the XML file or switch to a directory-based solution.

  3. Run the tpareset utility to enable the restrictions.
    This step is only necessary for the initial implementation of IP restrictions, and does not apply to revising the XML document.