17.10 - About GDO-Based IP Access Restriction - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
You can define IP restrictions in:
  • Teradata Vantage, by creating an XML IP document
  • A supported directory, by configuring Teradata schema objects in the directory
    You must use Teradata schema extensions to configure IP filter directory objects. Directories configured without Teradata extensions, as shown in Using Native Directory Schema to Provision Directory Users, cannot use directory-based IP restrictions.

After defining the IP restrictions, you must transfer them to the IP restriction GDO.

The system applies IP restrictions to users based on:
  • Filters that define allowed or denied IP addresses or address ranges.
  • The users assigned to each filter.

The Teradata Vantage gateway screens each database logon and allows or denies the logon according to the IP restrictions in the GDO. If no IP restrictions exist, the database allows logons from any IP address to an authenticated user.