[ https://issues.jboss.org/browse/TEIID-2471?page=com.atlassian.jira.plugin... ] Steven Hawkins commented on TEIID-2471: --------------------------------------- So one possible path here would be add/grant permission methods (more than likely not yet exposing the admin permission metadata object): void MetadataFactory.addPermission(String role, String resource, Boolean allowCreate, ... String condition) void MetadataFactory.addColumnPermission(String role, String resource, ... String maskExpression, String maskCondition, Integer maskOrder) ... Then we would simply aggregate by role as part of the normal metadata merging processes as we build a single MetadataStore. The only disadvantage here is that the MetadataRepository is not consulted for cached schemas, but that may just mean that role updates require vdb restarts that clear the affected schemas. Another approach would be to add methods to the MetadataRepository base class to pull possibly the xml definition of the dataroles, which would always be consulted at load time. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira