16.10 - About Permissive Filters - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

A permissive filter without a deny element permits logons from all IPs regardless of which IPs are explicitly allowed by the allow element. You can use permissive filter deny elements to define denied IPs for a list of users, and then optionally use an allow element to enable some IPs within the denied range.

The Gateway first processes permissive filter deny elements, and then processes the allow elements. As a result, the Gateway denies any IP address listed in the deny element unless it also appears in an allow element, in which case the Gateway allows the IP to access the database.