Denodo Security Enforcement

As the Virtual DataPort Administration Guide, explains in the section “Types of Access Rights” section, on VDP databases, views, rows, and columns. The denodo role-based access mechanism controls how and what a user or user role can use in the virtual layer, including the data catalog.

Import Denodo Security Notes

  • Consumer security authorization is imposed at the object level, then Data Level
  • Consumer security authorization is not imposed on Modeling Layers/VDP Folders
  • Using a virtual database to partition projects or subjects is a Best Practice

Basically, the ability to grant security is as follows:

VDP Database

  •  Permissions grants include connection, creation, read, write and admin privileges over a VDP database.

VDP Views

  • Permissions grants include read, write, insert, update and delete privileges over a view.

VDP Columns Within a VDP View

  • Permissions grants include the denial of the projection specific columns /fields within a view.

Row Level Security

  • Row Level restrictions can be added to allow users to obtain only the rows that match a certain condition or to return all the rows masking the sensitive fields

Denodo Virtual DataPort (VDP) Administration Guide

 For more information, see these section denodo Virtual DataPort Administration Guide:

  • Section 12.2 of the guide describes the general concepts of user and access rights management in DataPort, while
  • Section 12.3 describes how privileges are managed and assigned to users and roles using the VDP Administration Tool.

Virtual DataPort Administration Guide

Related References