The need is to accept a view parameter which will contain some security related information/token from another internal system. Based on that info, the view columns needs to be masked or/and filter rows and return to the consuming application. The additional requirement is to add reason code if some of the columns get masked because of certain conditions.
We could create stored procedures, parse the input string, apply the logic, build a result set, include reason code if column masking was done and finally return the result set. But this solution is neither reusable nor scalable if another view need to apply similar conditions.
Since Custom Policies has access to the context and by which we could access the view fields, role details dynamically and apply logic there to filter/mask. We would like to understand whether it is a possibliity to access view parameter also inside the custom policy. We understand custom policies are interceptors, but we would like to leverage the security framework of Denodo and exploring options.
For example here is the signature of the view and MyCustomPolicy is applied
MyView(text FilterCondition)
To summarize
Is it possible to access a view's input parameter in the custom policy applied on that view? Secondly is it possible to add a reason code when masking occurs in a custom policy?
Thanks in advance for your time.