16.10 - Implementation Process for Directory-Based IP Restrictions - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  1. Review the concepts in Designing IP Directory-Based IP Restrictions.
  2. Review the About Standard Teradata Schema Objects in IP Restrictions, About Special IP Filter Schema Objects in IP Restrictions, and Working with IP Filter Attributes that you must use to define directory-based IP restrictions.
  3. Create IP filter containers and IP filter objects in the directory, listing the database users (tdatUser objects) that are affected in the tdatIPFilterMember attributes for each filter. See Creating IP Filters Containers and Inserting IP Filters.
    Directory-based IP restrictions initially apply only to tdatUser objects, which are directory representations of users defined in the database. To apply IP restrictions to directory users, you must map the directory users to the tdatUser objects affected by the filters. See Applying IPFilters to Directory Users.
  4. Save the IP restriction-related objects and mappings in the directory.
  5. Test the restrictions. See Testing Directory-Based IP Restrictions.
  6. After you complete testing and any necessary revisions, implement the restrictions in the database GDO. See Enabling Directory-Based IP Restrictions with the ipdir2bin Utility.
  7. Use tpareset to restart the database to enable the directory-based restrictions.
    You only need to restart the database for the initial implementation of IP restrictions. Subsequent changes to the restrictions do not require a restart.