You can translate the question and the replies:

How would you grant specific privileges on the individual items in a Dendo database to a role?

How would you specifically grant execute on one datasource to a role? All users are members of roles. The role administration tool only allows privilege grants on the entire Denodo database, and in this case that is not desired. We have all datasources in an "admin" database, and base views are in individual databases based on those common datasources. For each entity that has a database, they can run queries against those base views fine, until you enable data movement, which requires Execute on the datasource. Is there a way to grant execute to a role on only one datasource in that "admin" database without granting it to ALL datasources? I don't see that explained in Role Management documentation, I only see the requirement for Execute on the datasource that is the data movement target.
user
04-08-2023 10:31:11 -0400
code

1 Answer

Hi, You can define [Fine-Grained Privileges at View Level](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/fine_grain_view_privileges/fine_grain_view_privileges): open Design Studio/VDP Administration Tool, from Administration > Role Management, if you click on the Advanced button of your view's database you will be able to set privileges on a specific Data Source or View. Fine-Grained Access Control feature is available for every Denodo distribution. As an alternative, for more advanced access policies, [Custom View Policy](https://community.denodo.com/docs/html/browse/8.0/en/vdp/developer/custom_policies/developing_a_custom_policy) is also available. Hope this helps.
Denodo Team
07-08-2023 09:05:32 -0400
code
You must sign in to add an answer. If you do not have an account, you can register here