-
1. Re: File based authentication
rareddy Nov 14, 2012 9:23 AM (in response to ssamaresh)Yes, Teiid supports what we call "data roles". Based on the authorization group of your users, you can define different different policies/permissions for data access. See https://docs.jboss.org/author/display/TEIID/Data+Roles
There is also an example in kit in "docs/examples" on this.
Ramesh..
-
2. Re: File based authentication
ssamaresh Nov 14, 2012 11:11 AM (in response to rareddy)Can i do something like this ?
<data-role name="role2">
<description>Allow read</description>
<permission>
<resource-name>Mds_Db.V_MDM.CUSTOMER_ID='600015'</resource-name>
<allow-read>true</allow-read>
</permission>
<mapped-role-name>role2</mapped-role-name>
</data-role>
-
3. Re: File based authentication
rareddy Nov 14, 2012 12:12 PM (in response to ssamaresh)No, this is a up to column level security. Based on this, you can either grant or deny access to a given table, procedure or column in table, not if column value is say '600015'
What you are looking for is "row" level security. This is not configurable, however Teiid does support a security function called "hasRole", see https://docs.jboss.org/author/display/TEIID/Security+Functions, using this function you can write a virtual procedure, where you can inspect the data along with "hasRole" to return the data or throw error. See this on how to write virtual procedures https://docs.jboss.org/author/display/TEIID/Virtual+Procedures
Also, you can use Teiid Designer to help with design of the VDB. This helps in defining the data roles on vdb and also writing of virtual procedure.
Ramesh..
-
4. Re: File based authentication
ssamaresh Nov 14, 2012 1:42 PM (in response to rareddy)Ok thanks.
Do dynamic vdb's support virtual procedures ?
-