[
https://issues.jboss.org/browse/TEIIDDES-1548?page=com.atlassian.jira.plu...
]
Barry LaFond commented on TEIIDDES-1548:
----------------------------------------
{code:title=VDB with column masking}
<?xml version="1.0" encoding="UTF-8"?>
<vdb name="sample" version="1">
<model name="modelName">
<source name="source-name" translator-name="oracle"
connection-jndi-name="java:myDS" />
</model>
<data-role name="base-role" any-authenticated="true">
<description>Masking</description>
<permission>
<resource-name>modelName.tblName.column1</resource-name>
<mask>CASE WHEN column1=user() THEN column1 END</mask>
</permission>
</data-role>
<data-role name="RoleA">
<description>Read/Insert access.</description>
<permission>
<resource-name>modelName.tblName</resource-name>
<allow-read>true</allow-read>
<allow-create>true</allow-create>
</permission>
<permission>
<resource-name>modelName.tblName.column1</resource-name>
<condition>column2='x'</condition>
<mask order="1">column1</mask>
</permission>
<mapped-role-name>role1</mapped-role-name>
</data-role>
</vdb>
{code}
Add GUI handling for permission conditions
------------------------------------------
Key: TEIIDDES-1548
URL:
https://issues.jboss.org/browse/TEIIDDES-1548
Project: Teiid Designer
Issue Type: Feature Request
Reporter: Steven Hawkins
Assignee: Barry LaFond
Fix For: 8.2
A common request is to implement row based security. Teiid has added the ability to
define a permission condition for this purpose:
<permission>
<resource-name>...</resource-name>
<condition>sql</condition>
...
</permission>
The sql should resolve against the resource specified, ideally designer would check that
as well.
See TEIID-2311 and the reference for how these conditions are applied.
{code:title=vdb.xml snippet}
<data-role name="base-role" any-authenticated="true">
<description>Conditional access</description>
<permission>
<resource-name>modelName.tblName</resource-name>
<condition
constraint="false">column1=user()</condition>
</permission>
</data-role>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira