16.10 - Example: Secondary Element Processing—Single Address Exception - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

After considering the primary element, the Gateway considers the secondary element, which represents an exception to the filter rule stated in the primary. In the example below, the secondary element specifies an individual address, contained within the range defined by the primary element, to exempt the address from the allow.

  • In the following example, a secondary deny element denies a single IP address from within the range of the primary allow element. This address could be a training computer that should not have direct access to the database.
    <deny ip=”141.206.35.175/
  • You can use the following mask to ensure that the filter tests all 32 bits of the IP address to enforce the deny restriction.
    255.255.255.255”/>

    The deny processing for the incoming IP address denies access even though the allow element allows it. The mask format indicates that all 32 bits of the address are significant. The format is necessary because the denied IP address is unique only in the fourth decimal segment.

The allow element achieves the same restriction capability if you express the mask as 32”/>