16.10 - About Permissive Filters - Teradata Database

Teradata Database Security Administration

Teradata Database
Release Number
Release Date
June 2017
Content Type
Publication ID
English (United States)

A permissive filter without a deny element permits logons from all IPs regardless of which IPs are explicitly allowed by the allow element. You can use permissive filter deny elements to define denied IPs for a list of users, and then optionally use an allow element to enable some IPs within the denied range.

The Gateway first processes permissive filter deny elements, and then processes the allow elements. As a result, the Gateway denies any IP address listed in the deny element unless it also appears in an allow element, in which case the Gateway allows the IP to access the database.