[ https://issues.jboss.org/browse/TEIID-2471?page=com.atlassian.jira.plugin... ] Steven Hawkins resolved TEIID-2471. ----------------------------------- Resolution: Done Added the MetadataFactory methods: addPermission addSchemaPermission addColumnPermission So that datarole (both the typical CRUD authorizations and the new column masking and row based filters) permissions can be added via a custom MetadataRepository. The permissions are merged with the statically defined roles in the vdb - so it's expected that the role name given in the add permission method exists. This covers basic pluggable scenarios and is somewhat updatable in that metadata caching can be disabled for the given source or that vdb restart may be performed that purges the metadata cache so that permissions can be reapplied as needed on restart. Additional enhancements will be needed for full runtime control (such as grant statements with additional metadata repository/event distribution). It would also be nice somewhere to have an option to effectively enable a static policy such that all plans can still be shared (there are potential planning drawbacks though if any single operation inhibits pushdown). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira