After you design the needed IP filters, you can use them to create an XML restriction document.
The examples in the following procedure use the filters created in Designing IP XML Restrictions.
- Open a text editor, such as vi or Notepad.
- Create the framework for the XML document, specifying the required information and element tags, using this syntax:
<?xml version="xml_version" encoding="encoding"?> <tdat name="tdat"> <system name="system_name"> <users> user [...] </users> <ipfilters> primary_filter_definition secondary_filter_definition </ipfilters> </system> </tdat>
- user
<user name="user_name" tag="user_tag"/>
- primary_filter_definition
<ipfilter name="primary_filter_name" type="restrictive"> <allow ip="primary_filter_ip_range"/> <deny ip="primary_filter_deny_range"/> <appliesto tagref="user_tag"/> [...] </ipfilter>
- secondary_filter_definition
<ipfilter name="secondary_filter_name" type="permissive"> <deny ip="secondary_filter_deny_range"/> <allow ip="secondary_filter_ip_range"/> <appliesto tagref="user_tag"/> [...] </ipfilter>
- xml_version
- Indicates the version of XML you are using to generate the document. This specification is for reference only. Example: 1.0
- encoding
- Defines the character set you are using in the XML document. Example: UTF-8
- tdat
- Specifies the name of XML document root element. Example: tdat. See tdat.
- system_name
- Specifies the name of the system to which the IP restrictions apply. The name must correspond to the tdpid that affected users specify when they log on to the database. Example: gizmo. See users.
- user
- User to which the restrictions in the XML document apply. Examples in a later step. See users.
- primary_filter_definition
- Filter definition that defines the restrictions in the XML restrictions. Example in a later step.
- secondary_filter_definition
- Filter definition that defines the restrictions in the XML restrictions. Example in a later step.
- user_name
- Vantage username. Examples in a later step.
- user_tag
- An XML document tag that links the corresponding Vantage username to an IP filter, when the tag value appears in the appliesto tagref attribute of the filter.
- primary_filter_name
- Specifies the name of the primary filter listed in the restriction document, a restrictive filter. Example: filter1.
- primary_filter_ip_range
- Specifies the IP range allowed by primary_filter_name.
- primary_filter_deny_range
- Specifies the range of the primary deny filter.
- secondary_filter_name
- Specifies the name of the secondary filter listed in the restriction document, a permissive filter. Example: filter2
- secondary_filter_deny_range
- Specifies the range of the secondary deny filter.
- secondary_filter_ip_range
- Specifies the IP exceptions allowed by secondary_filter_name.
- Add each user that is affected by the restrictions. For example:
<users> <user name="drct01" tag="xyzzy"/> <user name="perm01" tag="noside"/> <user name="extuser" tag="shazam"/> </users>
- Add the IP filters that define the IP restrictions for all users. For example:
<ipfilters> <ipfilter name="filter1" type="restrictive"> <allow ip="141.206.0.0/255.255.0.0"/> <deny ip="141.206.35.0/255.255.255.0"/> <appliesto tagref="xyzzy"/> <appliesto tagref="shazam"/> </ipfilter> <ipfilter name="filter2" type="permissive"> <deny ip="141.206.35.0/255.255.255.0"/> <allow ip="141.206.35.175/255.255.255.255"/> <appliesto tagref="noside"/> <appliesto tagref="xyzzy"/> </ipfilter> </ipfilters>
The primary filter, filter1, applies to users drct01 and extuser, because it specifies their user tags, xxzzy and shazam.
The secondary filter, filter2, applies to users perm01 and drct01, because it specifies their user tags, noside and xxzzy.