16.10 - Restricting Logons by Host Group - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

You can control access to Teradata Database for a large group of users by disabling logons for a host group associated with a set of connections to the database. The Gateway subsequently denies database access to clients that connect through the disabled host groups. The restriction does not affect clients that use other connections.

The database defaults to a single host group, HGID 1.
  1. A Teradata Customer Service representative configures PDE to define multiple host groups using the Vconfig utility. Each host group appears as a separate HGID in the vconfig.txt file.
  2. A Teradata Customer Service representative configures the database to define multiple hosts using the Configuration utility ADD HOST command. Each host must include the same vprocs as the corresponding host group in Vconfig. You can verify the current host configuration with the LIST command.
  3. The network administrator assigns multiple aliases (tdpids) to the Teradata Database system, and maps each tdpid to a set of COP names and IP addresses, which corresponds to a configured host group.
  4. The network administrator assigns a Teradata client or group of clients to a single tdpid that corresponds to a host group.
  5. You can disable a host group and tdpid without affecting clients assigned to other tdpids.
    • You can use the REVOKE LOGON statement to revoke all logons to a host group:
      REVOKE LOGON ON hostid AS DEFAULT

      where hostid corresponds to a host group (HostNo value).

      You can limit the restriction to a user or comma-separated list of users with the clause FROM userid:

    • You can use the Gateway Global utility to disable logons:
      • Use the SELECT HOST command to identify the host group to be disabled.
      • Use the DISABLE LOGONS command to disable logons through the selected host.
Make sure you understand the relationship between the host group (HostNo), tdpid, and networked clients so that you disable the correct host group.