Restricting Logons by Host Group | Teradata Vantage - 17.20 - Restricting Logons by Host Group - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
You can control access to Teradata Vantage for a large group of users by disabling logons for a host group associated with a set of connections to the database. The gateway subsequently denies database access to clients that connect through the disabled host groups. The restriction does not affect clients that use other connections.
The database defaults to a single host group, HGID 1.
  1. A Teradata representative configures PDE to define multiple host groups using the Vconfig utility. Each host group appears as a separate HGID in the vconfig.txt file.
  2. A Teradata representative configures the database to define multiple hosts using the Configuration utility ADD HOST command. Each host must include the same vprocs as the corresponding host group in Vconfig. You can verify the current host configuration with the LIST command.
  3. The network administrator assigns multiple aliases (tdpids) to the Teradata Vantage system, and maps each tdpid to a set of COP names and IP addresses, which corresponds to a configured host group.
  4. The network administrator assigns a Vantage client or group of clients to a single tdpid that corresponds to a host group.
  5. You can disable a host group and tdpid without affecting clients assigned to other tdpids.
    • You can use the REVOKE LOGON statement to revoke all logons to a host group:
      REVOKE LOGON ON hostid AS DEFAULT

      where hostid corresponds to a host group (HostNo value).

      You can limit the restriction to a user or comma-separated list of users with the clause FROM userid:

    • You can use the Gateway Global utility to disable logons:
      • Use the SELECT HOST command to identify the host group to be disabled.
      • Use the DISABLE LOGONS command to disable logons through the selected host.
Make sure you understand the relationship between the host group (HostNo), tdpid, and networked clients so that you disable the correct host group.