16.10 - Example: Secondary Element Processing—Single Address Exception - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

After considering the primary element, the Gateway considers the secondary element, which represents an exception to the filter rule stated in the primary. In the example below, the secondary element specifies an individual address, contained within the range defined by the primary element, to exempt the address from the allow.

  • In the following example, a secondary deny element denies a single IP address from within the range of the primary allow element. This address could be a training computer that should not have direct access to the database.
    <deny ip=”141.206.35.175/
  • You can use the following mask to ensure that the filter tests all 32 bits of the IP address to enforce the deny restriction.
    255.255.255.255”/>

    The deny processing for the incoming IP address denies access even though the allow element allows it. The mask format indicates that all 32 bits of the address are significant. The format is necessary because the denied IP address is unique only in the fourth decimal segment.

The allow element achieves the same restriction capability if you express the mask as 32”/>