Teiid does *NOT* have capability provide "security-domains" at VDB scope. Currently they are scope at the transport level (JDBC, ODBC). You can log a feature request for this in Teiid JIRA.
As alternative, what you can try is use of data roles, you can create a role for each vdb, and create permissions for access for that single role for that VDB, then map the data-role to the role in the teiid-security-roles.properties and to the users in teiid-security-users.properties.
What above does is, it will let the users authenticate themselves, but will not let them access any data.
I try use of data roles and it work ok.
Sorry about reponse with you for along time, because i have holiday in this month.
Thanks you so much about your help!