3 Replies Latest reply on May 19, 2017 3:20 PM by shawkins

How Teiid maintain security with respect to user management, access management.

kulbhushanc May 15, 2017 2:04 AM

Hi,

I have tried scenario by creating multiple application user and admin user both type of user can access each others VDB(s) or Connection.

How can I restrict users from accessing each others VDBs or Connections?

Note:

I am using ->

Wildfly 10.0.0 and Teiid 9.1.3

Thanks,

Kulbhushan Chaskar.

1. Re: How Teiid maintain security with respect to user management, access management.

rareddy May 15, 2017 10:10 AM (in response to kulbhushanc)

You would need to create different "security domain" for each VDB, and configure VDB to use that security-domain. See [1] for setting security domain property in vdb.xml file.

As per creating the different security-domains in WildFly, see [2]

[1] VDB Properties · Teiid Documentation
[2] Security subsystem configuration - WildFly 8 - Project Documentation Editor
Actions
2. Re: How Teiid maintain security with respect to user management, access management.

kulbhushanc May 19, 2017 7:14 AM (in response to rareddy)

Can we create security domain programatically/dynamically? using using teiid admin api or any other api?
Actions
3. Re: How Teiid maintain security with respect to user management, access management.

shawkins May 19, 2017 3:20 PM (in response to kulbhushanc)

Using the AS cli, you can create security domains. See the snippets from the Teiid scripts - teiid/teiid-feature-pack/wildfly-integration-feature-pack/src/main/resources/content/bin/scripts at master · teiid/teiid…

For example in standalone mode - teiid/teiid-standalone-mode-install.cli at master · teiid/teiid · GitHub

Each security domain would need its respective login modules configured so that users were segregated.

If you are looking for some other mechanism, such as restricting vdb access based upon role, there isn't something like that yet but you can create an enhancement request if desired.
Actions

Go to original post