17.10 - Rules for Using Network Groups to Define Policy Effects - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

Each ipNetwork object can appear in as many network groups as needed.

Each ipNetwork object functions independently, so overlap of IP address ranges among several ipNetwork objects is allowed.

You can create as many ipNetwork and network group objects as is required to represent the IP address ranges you want to use for assigning security policies.

To avoid detailed searches of the directory that would be required to verify the effects of IP based policy assignments, the database holds policy-related IP information in the network cache. The network cache is not updated dynamically.

If you make changes to ipNetwork or Network Group objects in the directory you must perform a TPA reset to force the database to reload the network cache and make the revised information available for policy enforcement.