-
1. Re: How to create a new role and users for VDB?
asmigala Nov 24, 2015 3:12 AM (in response to allenyu6)Hi allenyu6 , the user you added using command line is stored in $JBOSS_HOME/standalone/configuration/application-users.properties . In the same directory, there's also a file application-roles.properties, which you can edit to assign roles to users, the format is simple userName=list,of,roles. See EAP documentation for more details.
Once you create the users and assign roles, you can add permissions to the VDB using either Teiid Designer's VDB Editor or, if you are using dynamic VDBs, by adding the appropriate <data-role> elements.
-
2. Re: How to create a new role and users for VDB?
rareddy Nov 24, 2015 9:06 AM (in response to allenyu6)To add to Andrej's response, typically you do not add users, users are already defined in your Active Directory or LDAP system etc. Even if you are looking at Teiid users as separate, tackle that issue separately. The default security domain is "teiid-security" which works with "application-users.properties" and "application-roles.properties". If you are looking for adding users programatically, then you may write/extend your login module to fit your needs in extreme cases. But here few questions needs to be answered as what kind of application you are developing and what is the UI for it. There is also a DatabaseLoginModule you should investigate.
Ramesh..
-
3. Re: How to create a new role and users for VDB?
allenyu6 Nov 24, 2015 3:06 PM (in response to rareddy)I was able to create a user and assign a role called "user", but the problem is it has access same as teiidUser, where and how I change the privilege in the TEIID designer? I try to find it hard, can someone provide a screenshot here?
-
4. Re: How to create a new role and users for VDB?
allenyu6 Nov 24, 2015 3:07 PM (in response to allenyu6)I think we should be able to assign not only privileges on VDB but also the tables, even the columns, but I just can't find it where you can do it in designer..
-
5. Re: How to create a new role and users for VDB?
asmigala Nov 25, 2015 3:41 AM (in response to allenyu6)The way data roles work is that if you don't specify a data role in the VDB, all models will be accessible to all users. Once you specify at least on data role, only the users which are mapped in the data roles will have the specified permissions.
This is how you assign data roles in Designer:
- open the VDB editor, switch to Advanced tab and then to Data Roles tab, click the Add button
- Switch to the Mapped Enterprise Role or Group, click Add and set the name of the role you want to assign
- Switch to the Permission tab and setup you model/table/column permissions, column masking or row filtering.
You can find more about the data roles in Teiid documentation: Data Roles - Teiid 9.0 (draft) - Project Documentation Editor
- open the VDB editor, switch to Advanced tab and then to Data Roles tab, click the Add button