Example: Secondary Element Processing—Single Address Exception - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-02-29
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

After considering the primary element, the Teradata Vantage gateway considers the secondary element, which represents an exception to the filter rule stated in the primary. In the following example, the secondary element specifies an individual address, contained within the range defined by the primary element, to exempt the address from the allow.

  • In the following example, a secondary deny element denies a single IP address from within the range of the primary allow element. This address could be a training computer that should not have direct access to the database.
    <deny ip=”192.0.2.20/
  • You can use the following mask to ensure that the filter tests all 32 bits of the IP address to enforce the deny restriction.
    255.255.255.255”/>

    The deny processing for the incoming IP address denies access even though the allow element allows it. The mask format indicates that all 32 bits of the address are significant. The format is necessary because the denied IP address is unique only in the fourth decimal segment.

The allow element achieves the same restriction capability if you express the mask as 32.