Restricting Logons by Host Group

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

You can control access to Teradata Vantage for a large group of users by disabling logons for a host group associated with a set of connections to the database. The Gateway subsequently denies database access to clients that connect through the disabled host groups. The restriction does not affect clients that use other connections.
The database defaults to a single host group, HGID 1.
  1. A Teradata Customer Service representative configures PDE to define multiple host groups using the Vconfig utility. Each host group appears as a separate HGID in the vconfig.txt file.
  2. A Teradata Customer Service representative configures the database to define multiple hosts using the Configuration utility ADD HOST command. Each host must include the same vprocs as the corresponding host group in Vconfig. You can verify the current host configuration with the LIST command.
  3. The network administrator assigns multiple aliases (tdpids) to the Teradata Vantage system, and maps each tdpid to a set of COP names and IP addresses, which corresponds to a configured host group.
  4. The network administrator assigns a Vantage client or group of clients to a single tdpid that corresponds to a host group.
  5. You can disable a host group and tdpid without affecting clients assigned to other tdpids.
    • You can use the REVOKE LOGON statement to revoke all logons to a host group:
      REVOKE LOGON ON hostid AS DEFAULT

      where hostid corresponds to a host group (HostNo value).

      You can limit the restriction to a user or comma-separated list of users with the clause FROM userid:

    • You can use the Gateway Global utility to disable logons:
      • Use the SELECT HOST command to identify the host group to be disabled.
      • Use the DISABLE LOGONS command to disable logons through the selected host.
Make sure you understand the relationship between the host group (HostNo), tdpid, and networked clients so that you disable the correct host group.
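
The following SQL is an added example, not part of the original Teradata page. It walks the REVOKE LOGON path from step 5 with a check before and after, so you can confirm which host group you are disabling. Host group 2 and the user names batch_user1 and batch_user2 are constructed placeholders, and the queries assume the standard DBC.SessionInfoV and DBC.LogonRulesV data dictionary views.

```sql
-- Added example: host group 2 and both user names are constructed placeholders.

-- 1. Before changing anything, list who is connected through each host
--    group, so the HostNo you are about to disable is the one you intend.
SELECT LogicalHostId, UserName, COUNT(*) AS SessionCount
FROM DBC.SessionInfoV
GROUP BY LogicalHostId, UserName
ORDER BY LogicalHostId, UserName;

-- 2a. Revoke all logons through host group 2 (the form shown in step 5).
REVOKE LOGON ON 2 AS DEFAULT;

-- 2b. Alternatively, limit the restriction to named users with FROM.
REVOKE LOGON ON 2 FROM batch_user1, batch_user2;

-- 3. Review the logon rules now in force. LogonStatus records whether
--    each rule grants or revokes logon for that user and host group.
SELECT UserName, LogicalHostId, LogonStatus, CreatorName, CreateTimeStamp
FROM DBC.LogonRulesV
ORDER BY LogicalHostId, UserName;

-- 4. Restore access when the restriction is no longer needed.
GRANT LOGON ON 2 AS DEFAULT;
GRANT LOGON ON 2 TO batch_user1, batch_user2;
```

Run statement 2a or 2b, not both, depending on whether the restriction applies to the whole host group or only to specific users.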