The “Types of Access Rights” section of the Virtual DataPort Administration Guide explains access rights on VDP databases, views, rows, and columns. The Denodo role-based access mechanism controls what a user or user role can use in the virtual layer, including the data catalog, and how.
Important Denodo Security Notes
- Consumer security authorization is imposed at the object level, then at the data level
- Consumer security authorization is not imposed on Modeling Layers/VDP Folders
- Using a virtual database to partition projects or subjects is a best practice
Denodo Security Enforcement
Privileges can be granted at the following levels:
VDP Database
- Permission grants include connection, creation, read, write and admin privileges over a VDP database.
VDP Views
- Permission grants include read, write, insert, update and delete privileges over a view.
VDP Columns Within a VDP View
- Permission grants include denying the projection of specific columns/fields within a view.
Row Level Security
- Row-level restrictions can be added so that users obtain only the rows that match a certain condition, or so that all rows are returned with the sensitive fields masked.
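The order of enforcement described above (object level, then data level) can be sketched as a small Python model. This is an added example, not Denodo code or VQL: the grant structure, the names (sales_vdb, customer, run_select) and the choice to raise an error on a denied column are assumptions made for illustration.

```python
# Simplified model of the checks listed above. Not Denodo code or VQL:
# the structures, names and error behaviour are assumptions for illustration.

def run_select(grants, db, view, columns, rows):
    """Return the rows a consumer may see, or raise PermissionError."""
    # Folders are not part of the key: authorization is not imposed on them.
    key = (db, view)
    # Object level first: the database, then the view.
    if "connection" not in grants["databases"].get(db, set()):
        raise PermissionError(f"no connection privilege on database {db}")
    if "read" not in grants["views"].get(key, set()):
        raise PermissionError(f"no read privilege on view {view}")
    # Data level: deny projection of restricted columns.
    blocked = set(columns) & grants["denied_columns"].get(key, set())
    if blocked:
        raise PermissionError(f"projection denied: {sorted(blocked)}")
    # Data level: row restriction, either reject the row or mask fields.
    rule = grants["row_rules"].get(key)
    result = []
    for row in rows:
        visible = {c: row[c] for c in columns}
        if rule and not rule["condition"](row):
            if not rule["mask"]:
                continue  # only rows matching the condition are returned
            for name in rule["mask"]:
                if name in visible:
                    visible[name] = None  # row returned, sensitive field masked
        result.append(visible)
    return result

# Constructed sample grants and data (hypothetical database, view and columns).
GRANTS = {
    "databases": {"sales_vdb": {"connection"}},
    "views": {("sales_vdb", "customer"): {"read"}},
    "denied_columns": {("sales_vdb", "customer"): {"ssn"}},
    "row_rules": {("sales_vdb", "customer"): {
        "condition": lambda r: r["region"] == "EU", "mask": ("email",)}},
}
ROWS = [
    {"id": 1, "region": "EU", "email": "a@example.com", "ssn": "000-00-0001"},
    {"id": 2, "region": "US", "email": "b@example.com", "ssn": "000-00-0002"},
]

if __name__ == "__main__":
    print(run_select(GRANTS, "sales_vdb", "customer", ["id", "email"], ROWS))
```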
Denodo Virtual DataPort (VDP) Administration Guide
For more information, see these sections of the Denodo Virtual DataPort Administration Guide:
- Section 12.2 of the guide describes the general concepts of user and access rights management in DataPort, while
- Section 12.3 describes how privileges are managed and assigned to users and roles using the VDP Administration Tool.