After hunting through the Denodo documentation to track down the roles and their capabilities, I decided to compile a unified overview. Here is a summary list of Denodo security roles and privileges; I hope you find it helpful.
Grants the capabilities to administer the Solution Manager and to manage Denodo licenses, which include: Create, edit and remove environments, clusters and servers. Set the Version Control System configuration. Set the Informative Message configuration. Manage licenses.
solution_manager_promotion
Grants the ability to create revisions, validate and deploy them in environments, which includes: Access the main information of the elements of the catalog in read-only mode. Create, edit and remove her own revisions. Validate her own revisions in environments. Deploy her own revisions.
solution_manager_promotion_admin
Grants read-only access to the main information of the elements of the catalog. The user can also: Manage deployment configurations. Manage load balancing variables. Set Virtual DataPort and Scheduler properties in environments and clusters. Create, edit and remove her own revisions. Access the revisions from other users in read-only mode. Validate and deploy any revision in environments.
solution_manager_promotion_admin_development
Grants the ability to promote revisions created by users in any development environment.
solution_manager_promotion_admin_production
Grants the ability to promote revisions created by users in any production environment.
solution_manager_promotion_admin_staging
Grants the ability to promote revisions created by users in any staging environment.
jmxadmin
Grants the privilege of connecting to the JMX interface of Virtual DataPort, which includes: Access the main information of the elements of the catalog in read-only mode. Change the logging level of Virtual DataPort servers. Execute Denodo Monitor to gather the execution logs of the Virtual DataPort servers.
The user can connect to the database. If the user does not have this privilege on a database, the other privileges are ignored.
CREATE
The user can create new elements in the database. This grants the CREATE_DATA_SOURCE, CREATE_VIEW, CREATE_DATA_SERVICE and CREATE_FOLDER privileges.
CREATE_DATA_SOURCE
The user can create new data sources in the database.
CREATE_VIEW
The user can create new views in the database.
CREATE_DATA_SERVICE
The user can create new data services (REST, SOAP web services and widgets) in the database.
CREATE_FOLDER
The user can create new folders in the database.
METADATA
The user has access to the metadata of the views but cannot query them.
EXECUTE
The user has “Execute” privileges over the elements of the database. This also grants the Metadata privilege.
WRITE
The user has “Write” privileges over the elements of the database. This also grants the Insert, Update and Delete privileges.
FILE
The user has the “FILE” privilege, which allows her to browse through the directories listed in the “File privilege” dialog of the Server Configuration wizard.
ADMIN
The user will have “Admin” (local administrator) privileges over the database.
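For an access review, the rules in the list above (CREATE, EXECUTE and WRITE each grant further privileges, and every privilege is ignored without the connect privilege) can be applied mechanically. The following is an added example, not Denodo code: it assumes CONNECT as the name of the connect privilege, and the role and database names are constructed.

```python
# Added example. Implication rules come from the privilege list above;
# CONNECT (assumed name) is the privilege without which all others are ignored.
IMPLIES = {
    "CREATE": {"CREATE_DATA_SOURCE", "CREATE_VIEW",
               "CREATE_DATA_SERVICE", "CREATE_FOLDER"},
    "EXECUTE": {"METADATA"},
    "WRITE": {"INSERT", "UPDATE", "DELETE"},
}
GATE = "CONNECT"

def expand(granted):
    """Return the granted privileges plus everything they imply."""
    result, stack = set(), list(granted)
    while stack:
        priv = stack.pop()
        if priv not in result:
            result.add(priv)
            stack.extend(IMPLIES.get(priv, ()))
    return result

def effective(grants):
    """grants: {database: set of privileges}. No CONNECT means nothing applies."""
    out = {}
    for db, privs in grants.items():
        full = expand(privs)
        out[db] = full if GATE in full else set()
    return out

def review(role_grants):
    """Return (role, database, message) findings for an access review."""
    findings = []
    for role, grants in sorted(role_grants.items()):
        for db, privs in sorted(grants.items()):
            full = expand(privs)
            if privs and GATE not in full:
                findings.append((role, db, "grants ignored: no CONNECT"))
                continue
            # A grant is redundant if the remaining grants already imply it.
            redundant = sorted(p for p in privs if p in expand(privs - {p}))
            if redundant:
                findings.append((role, db, "redundant: " + ", ".join(redundant)))
            if "ADMIN" in full:
                findings.append((role, db, "local administrator on database"))
    return findings

# Constructed sample grants (role -> database -> privileges).
SAMPLE = {
    "report_reader": {"sales": {"CONNECT", "EXECUTE", "METADATA"}},
    "etl_writer": {"staging": {"WRITE", "CREATE_VIEW"}},
    "db_owner": {"sales": {"CONNECT", "ADMIN"}},
}
```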
Other Denodo Security Notes
There is currently no explicit privilege that grants CREATE ASSOCIATION to a user/role without also granting rights to create other objects.