Enabling XML-Based IP Restrictions | Teradata Vantage - Enabling XML-Based IP Restrictions with the ipxml2bin Utility - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.05
17.00
Published
September 2020
Language
English (United States)
Last Update
2021-01-23
dita:mapPath
ied1556235912841.ditamap
dita:ditavalPath
lze1555437562152.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

You must run the ipxml2bin utility to transfer the saved restrictions to the GDO. The utility looks for the file in the /opt/teradata/tdat/tdgss/site directory.

The ipxml2bin syntax is:

ipxml2bin {-f output_file_name|-G} input_file_name

where:

The ipxml2bin option Specifies...
-f output_file_name

(deprecated)

An alternate file location for the ipxml2bin output, for use when testing the restrictions before committing them to the IP GDO.
-G Causes the output to be written to the IPFILTER GDO.
  1. From the /site directory on the lowest numbered Vantage node, run the ipxml2bin utility to commit IP restrictions to the GDO.
    $ ipxml2bin -G  input_file_name 
    Parse successful
    784 bytes written to the ipfilter GDO.

    where input_file_name is the saved IP XML document file.

    The command populates the GDO and distributes it to all database nodes.

  2. Check for errors:
    • XML errors that indicate syntax errors in the IP XML document.
    • Non-XML errors, for example:
      • GDO support not available

        The user specified the -G utility option on a system where PDE is not installed.

      • GDO size limit exceeded; need #, limit #.

        The data in the XML file exceeds the GDO size limit (128K bytes). You must either reduce the amount of data in the XML file or switch to a directory-based solution.

  3. Run the tpareset utility to enable the restrictions.
    This step is only necessary for the initial implementation of IP restrictions, and does not apply to revising the XML document.