You can translate the question and the replies:

IP Based Access

How to give access to the user based on IP Address to view tables and capture the logs ?
user
13-04-2023 15:25:30 -0400
code

3 Answers

Hi, I understand that you want to give restrictions to some users when they are accessing Denodo base on their IP address. If you want to filter incoming access for the server that runs Denodo based on IP address, you can use the firewall settings on the server to filter the incoming IP address. If you run Denodo on Cloud such as AWS EC2, you can use the corresponding services to configure your security settings (e.g. Security Groups for EC2 instances on AWS). For this part please consult with your security administrator. Denodo uses user and role-based access control, so after you let users to access based on their IP address, users still need to authenticate and to have valid roles to do operations on Denodo.   In the case of allowing customizing the privileges for the existing roles/local users based on their IP, you can use the 'Global security policies' which you can find it at  [Design Studio/VDP admin tool] -- [Administration] -- [Semantics and Governance] -- [Global security policies]. In this page you can add a new global security policy to make restrictions based on the attributes of the user's session (e.g. IP address).  You can refer to the following documentation of [global security policies](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/global_security_policies/global_security_policies) for more information. Hope this will help!
Denodo Team
13-04-2023 22:46:18 -0400
code
Hi, Thanks for the answer, which is much helpful and also can you able to provide me the attritubes for the IP based restriction "Syntax" so i can test it.. I gone through the documentaions which i dont see any filters for the IP based restrctions. TIA..sorry for the so many questions
user
14-04-2023 14:20:09 -0400
Hi, You can open Global Security Policy from Design Studio or VDP administration tool --> Administration --> Semantic and governance --> Global security policies. 1, Click [+New] to add a new policy, then see the [Attributes of the user's session] under [Audience] section. 2, Choose any of the "Apply the policy to the audience that ...." based on the scenario, then click [add attributes] on the right. 3, Click [+New] to add a new attributes, you can find "clientIP" here, and use the operator "=","contains","in","like" to create the expression. For example, if you choose "Apply the policy to the audience that fails to meet all these conditions" and use attributes "clientIP like 192.168.10.%", this means any client IP address unlike 192.168.10.% will be restricted. (about how restricted depends on the other policy settings) Hope this helps!
Denodo Team
17-04-2023 03:37:38 -0400
code
You must sign in to add an answer. If you do not have an account, you can register here