3 Replies Latest reply on Jan 13, 2012 2:21 PM by rareddy

    Data Level Authorization

    boss248

      Does Teiid support authorization/roles at the data level? For example, if I want to restrict access to Clinical Trial Studies to certain users based on the study id, would I be able to do this in Teiid without creating a separate database table or materialized view?

        • 1. Re: Data Level Authorization
          rareddy

          Yes. Please take a look at http://docs.jboss.org/teiid/7.6.0.Final/reference/en-US/html_single/#dataroles

          Designer has full UI support for defining them in the VDB Editor. Once you define these "data roles" using the Designer, create "user roles" on the JAAS security domain you are using for Teiid, then map them to each other to enforce the authorizations.


          Ramesh..

          • 2. Re: Data Level Authorization
            boss248

            I think I miscommunicated my question - I'm not looking to set a data role on a column attribute, I'm looking to set security/authorization on an actual record in the database.  For example, a clinical trial study id of 1,5,6,9 should be accessible to role X, and clinical trial study id of 2,3,4,7,8,10 should be accessible to role Y.

            • 3. Re: Data Level Authorization
              rareddy

              We have an authorization function called "hasRole()" that can be used in your view procedures to check if one is authorized for more customized access. No built-in support at the individual column data level. You can possibly write different views that query only the specified ids as you mention and restrict those views based on role.


              Ramesh..
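
The row-filtering approach from reply 3, as an added example that is not part of the original thread and is not Teiid project code: a view query that combines hasRole() with the study-id sets from reply 2. SQLite stands in for the query engine, the `hasRole` function registered here only mimics the function named in the reply, and the `studies` table, its columns and the sample rows are assumptions.

```python
import sqlite3

# Transformation query for a hypothetical view over a hypothetical source
# table "studies". A row is returned only when the caller holds the role
# that covers its study_id; a caller with neither role matches no branch.
VIEW_SQL = """
SELECT study_id, title
FROM studies
WHERE (hasRole('X') AND study_id IN (1, 5, 6, 9))
   OR (hasRole('Y') AND study_id IN (2, 3, 4, 7, 8, 10))
ORDER BY study_id
"""


def open_session(caller_roles):
    """Return a connection whose hasRole() reflects this caller's roles."""
    roles = frozenset(caller_roles)
    conn = sqlite3.connect(":memory:")
    # Stand-in for the engine-provided function: 1 if the caller has the role.
    conn.create_function("hasRole", 1, lambda name: int(name in roles))
    conn.execute(
        "CREATE TABLE studies (study_id INTEGER PRIMARY KEY, title TEXT)"
    )
    # Constructed sample rows, ids 1..11 (id 11 is covered by no role).
    conn.executemany(
        "INSERT INTO studies VALUES (?, ?)",
        [(i, f"Study {i}") for i in range(1, 12)],
    )
    return conn


def visible_study_ids(caller_roles):
    """Study ids the view query returns for a caller holding caller_roles."""
    conn = open_session(caller_roles)
    try:
        return [row[0] for row in conn.execute(VIEW_SQL)]
    finally:
        conn.close()


if __name__ == "__main__":
    for roles in (["X"], ["Y"], ["X", "Y"], []):
        print(roles, "->", visible_study_ids(roles))
```

The filter only protects rows if callers cannot query the underlying source table directly, so access to the source has to be denied and only the view granted.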