17.10 - Implementation Process for Directory-Based IP Restrictions - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
July 2021
English (United States)
Last Update
  1. Review the concepts in Designing Directory-Based IP Restrictions.
  2. Review the Standard Teradata Schema Objects in IP Restrictions, Special IP Filter Schema Objects in IP Restrictions, and Working with IP Filter Attributes that you must use to define directory-based IP restrictions.
  3. Create IP filter containers and IP filter objects in the directory, listing the database users (tdatUser objects) that are affected in the tdatIPFilterMember attributes for each filter. See Creating IP Filters Containers and Inserting IP Filters.
    Directory-based IP restrictions initially apply only to tdatUser objects, which are directory representations of users defined in the database. To apply IP restrictions to directory users, you must map the directory users to the tdatUser objects affected by the filters. See Applying IPFilters to Directory Users.
  4. Save the IP restriction-related objects and mappings in the directory.
  5. Test the restrictions. See Testing Directory-Based IP Restrictions.
  6. After you complete testing and any necessary revisions, implement the restrictions in the database GDO. See Enabling Directory-Based IP Restrictions with the ipdir2bin Utility.
  7. Use tpareset to restart the database to enable the directory-based restrictions.
    You only need to restart the database for the initial implementation of IP restrictions. Subsequent changes to the restrictions do not require a restart.