Implementation Process for Directory-Based IP Restrictions - Advanced SQL Engine

Implementation Process for Directory-Based IP Restrictions - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

September 2020

Language

English (United States)

Last Update

2021-01-23

dita:mapPath

ied1556235912841.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

Review the concepts in Designing Directory-Based IP Restrictions.
Review the About Standard Teradata Schema Objects in IP Restrictions, About Special IP Filter Schema Objects in IP Restrictions, and Working with IP Filter Attributes that you must use to define directory-based IP restrictions.
Create IP filter containers and IP filter objects in the directory, listing the database users (tdatUser objects) that are affected in the tdatIPFilterMember attributes for each filter. See Creating IP Filters Containers and Inserting IP Filters.
Directory-based IP restrictions initially apply only to tdatUser objects, which are directory representations of users defined in the database. To apply IP restrictions to directory users, you must map the directory users to the tdatUser objects affected by the filters. See Applying IPFilters to Directory Users.
Save the IP restriction-related objects and mappings in the directory.
Test the restrictions. See Testing Directory-Based IP Restrictions.
After you complete testing and any necessary revisions, implement the restrictions in the database GDO. See Enabling Directory-Based IP Restrictions with the ipdir2bin Utility.
Use tpareset to restart the database to enable the directory-based restrictions.
You only need to restart the database for the initial implementation of IP restrictions. Subsequent changes to the restrictions do not require a restart.