Example: Restrictive Filtering - Analytics Database

Example: Restrictive Filtering - Analytics Database - Teradata Vantage

Security Administration

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

ft:locale

en-US

ft:lastEdition

2024-04-05

dita:mapPath

hjo1628096075471.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

zuy1472246340572

lifecycle

latest

Product Category

Teradata Vantage™

<ipfilter name="filter1" type="restrictive">
      <allow ip="192.0.2.0/255.255.0.0"/>
      <deny ip="198.51.100.0/255.255.255.0"/>
      <appliesto tagref="xyzzy"/>
      <appliesto tagref="shazam"/>
</ipfilter>

where:

Term	Description
ipfilter name="filter1"	The unique name of an IP filter.
type="restrictive"	The filter type. This term identifies whether the filter is a restrictive or permissive type, and indicates the order in which testing takes place when the filter evaluates an incoming IP address.
<allow ip="192.0.2.0/255.255.0.0"/>	The allow element appears first in a restrictive filter. The allow element is divided into two segments, separated by a / : The filter: <allow ip="192.0.2.0/ Allows users to access the database from any IP address within the 192.0 subnet, unless the address explicitly appears in the deny element that follows. The filter denies access to all IPs not included in the allow element. The mask: 255.255.0.0 Determines the extent to which the filter tests an incoming IP address against access allowed in the allow element. A mask of 255.255.0.0 tests the first two decimal segments of each IP address seeking access, to determine whether or not it falls within the allowed range. You can use the allow element in a restrictive filter to specify a higher level in the network tree than what you use for the deny element.
<deny ip="198.51.100.0/255.255.255.0"/>	The deny element appears second in a restrictive filter. The deny element is divided into two segments, separated by a / : The filter: <deny ip="198.51.100.0/ Explicitly denies all addresses in the 198.51.100 subnet, even though it is within the range of IPs allowed by the allow element. The filter denies access to other IP addresses if they appear in a subsequent deny element. The mask: 255.255.255.0 Determines the extent to which the filter tests an incoming IP address against access denied in the deny element. A mask of 255.255.255.0 tests the first three decimal segments of each IP address seeking access, to determine whether or not it falls within the denied range. You can use the deny element in a restrictive filter to specify a lower level in the network tree than you use for the allow element, to define exceptions to the IPs explicitly allowed in the allow element. You can use multiple deny elements, if necessary.
<appliesto tagref="xyzzy"/>	Identifies a user affected by this set of filter rules. The appliesto tagref values must correspond to tag attributes assigned to individual users listed in user elements of the XML IP restriction document.
<appliesto tagref="shazam"/>	Identifies a second user affected by this set of filter rules.