14.3.2. IP address restriction
Prev 14.3. Restricting Access Next

14.3.2. IP address restriction

To limit a user to an IP address or CIDR pattern, you need to edit or add a principal for that user. The following example adds a new principal, based on the example NetworkUser user created in the Remote Connections section.

  1. Select the user in the Users list, and in Principals click the Add button.

  2. Edit the IP Pattern from which they can connect. This could be a specific IP address, or a pattern using CIDR notation such as matching the first 16 bits of 175.91.3.15 with the pattern 175.91.0.0./16. See Users tab - Principals for more details.

    Since this is a networked connection, it is likely to be non-interactive. If so, you will need to remove the RequireTotpAuthentication permission set.

    When you are done, click OK.

  3. In the Roles panel, check the appropriate roles for this principal. For example, the AllDataFullAccess role needed for data access is often added for remote connections. To see all available roles, check the Show Available box.

  4. After making this addition, the NetworkUser would now look like this:

  5. Click the Apply button to apply the changes.

This principal would restrict the NetworkUser to connecting only from IP addresses starting with 175.91. Other principals can be added to a user to enable other permission scenarios.

Prev Up Next
14.3. Restricting Access Home 14.3.3. Data domain restriction