This content has been marked as final.
Show 1 reply
-
1. Re: Is Teiid the right solution for my data security control
rareddy Nov 30, 2009 11:17 AM (in response to chalz)"chalz" wrote:
As of Teiid 6.2, I've read that the server solution enable the possibilty to assign roles to group, to control data access. At first it seems like it fits my need, but as far as I can tell, it seems like the authorisation is based on the user that is currently connected to the database (correct me if i'm wrong).
That is correct. The security is role based, which is determined by the logged in user's group."chalz" wrote:
I would like to be able to use only one user to connect to the database (VDB here) but filter the query result based on the user that make theses queries.
The user who is logged in to the Teiid, is the one who is making the queries, so I do not think that is possible.
What I understand from your post is, in your application you handle login for different uses, but you probably have single identity connection pool for Teiid, where you would like to push the identity of the original user on to the Teiid. Currently we do not allow identity switching on existing connection, see https://jira.jboss.org/jira/browse/TEIID-192, this is currently slated for 7.1 release. If you need this feature you can vote for this, we will see if we can bump in priority for this feature.
However, meanwhile if you can create a connection pool based on the original user's credentials who logged into your application you can solve this issue.
Also 7.0 release Teiid Server is moving to use JBoss AS to host Teiid engine, where you could *possibly* use the single sign-on if your application already uses JBoss."chalz" wrote:
We also plan to have the needs to integrate data from multiple source (SQL Server, PostgreSQL, etc) so if Teiid can be used for our security needs, it would then be simple to use it's base functionnality to cover our futur need of integrating data from multiple sources.
Data integration is our primary feature, so this can be done, given you can map your security requirements along the way I suggested.