Example: Primary Element Processing - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

The Teradata Vantage gateway processes the primary filter element first and defines the rule the filter uses to evaluate incoming IP addresses. The primary element specifies a range of IP addresses.

  • In a restrictive filter, the allow element is the primary. Suppose the allow element allows the following range of IP addresses:
    <allow ip=”141.206.35.0/

    Note that the allow element contains a zero for the last segment rather than specifying each allowed address within the subnet.

    If you specify this value for the element, it indicates that the filter allows any IP address in the 141.206.35 subnet, possibly a department within a large company.

  • A user attempts to access the database from the incoming IP address:
    141.206.35.175
  • The allow element includes the following mask, which it uses to test an incoming IP:
    255.255.255.0”/>

    The allow element mask has a zero in the fourth segment, so it tests only the first three segments of any incoming IP address. Since the first three segments of the mask have values of 255, the corresponding segments of the allow element and incoming IP address must match exactly to allow the logon. The first three segments match, the logon succeeds.

    The allow element achieves the same restriction capability if you express the mask as 24”/>.

Filtering is not complete at this point if the filter also contains a deny element, which the gateway must also consider.