 |
 |
Archives of the TeradataForum
Message Posted: Fri, 07 Jan 2005 @ 08:54:26 GMT
| Subj: | | Re: Restricting IPs |
| |
| From: | | Victor Sokovin |
| | Does anyone know of a way to restrict users logging on to the Teradata system by their IP address at login in time? The user himself might
have access to Teradata Prod, let's say, but if they are on a particular machine/IP address and trying to log in then that user should be
restricted from doing anything on Teradata Prod. | |
It does make sense but it might be difficult to implement.
Just a few thoughts, though. If users use applications (not the "raw" TD tools), it is possible to implement such checking on the application
level. Before even connecting to TD the application would notify the user that he/she is not on an approved machine he/she is allowed to connect
from.
If a user has access to raw utilities, such as BTEQ, SQLA etc, and the database is not behind the firewall, then my understanding is that
nothing will stop him/her from logging in.
It is possible to monitor the sessions, though, and track where they are coming from. You can then set up alerts or even disconnect certain
sessions, if that is the requirement. I understand that tracking of the originating IP might sometimes involve going beyond the database as the
session table might store the generic IP address of the firewall etc.
Regards,
Victor
| |
