17.10 - Applying a Mask to a Filter - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

When an IP filter encounters an incoming IP address during a logon, it uses the following process to determine whether or not the IP address is allowed access to Teradata Vantage.

The example process is based on a typical allow element in a restrictive filter. If the filter also contains a deny element, it continues evaluation of the incoming IP until it also applies the deny parameters, which represent exceptions to the allow.
  1. Convert the specified IP in the primary element, for example, the allow element IP in a restrictive filter, to a binary string:
  2. Convert the primary element mask, for example, to a binary string.
  3. AND the binary string representing the allow element IP with the mask, to obtain the allow result (shown in bold):
  4. Examine the incoming IP address and convert it to binary format. For example, convert the incoming IP address to the following binary string:
  5. AND the binary incoming IP address with the allow element mask to obtain the incoming IP result (shown in bold):
  6. Compare the binary incoming IP result with the allow element IP result (for this example, they are equal).

    A filter has an effect on an incoming logon only if both of the following are true:

    • The incoming IP result matches the allow result.
    • The username in the logon appears in the appliesto element of the filter.
The filter continues to test the incoming IP address against the secondary parameters, in this case, the deny portion of the filter. If the secondary testing denies the logon, it fails, even if the primary testing allows the logon.