16.10 - About GDO-Based IP Access Restriction - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can define IP restrictions in:

  • Teradata Database, by creating an XML IP document
  • A supported directory, by configuring Teradata schema objects in the directory
    You must use Teradata schema extensions to configure IP filter directory objects. Directories configured without Teradata extensions, as shown in Using Native Directory Schema to Provision Directory Users, cannot use directory-based IP restrictions.

After defining the IP restrictions, you must transfer them to the IP restriction GDO.

The system applies IP restrictions to users based on:

  • Filters that define allowed or denied IP addresses or address ranges.
  • The users assigned to each filter.

The Gateway screens each database logon and allows or denies the logon according to the IP restrictions in the GDO. If no IP restrictions exist, the database allows logons from any IP address to an authenticated user.