You can translate the question and the replies:

Access to Base tables with out table data and develop Denodo Business Layer.

Hi Team, The requirement is to do the development/support of the Denodo applications. Like alter the column sequence to the derived view and save it and test the derived views. Is there any posibility to have access to the develoment environment and No access to the Base views (source data). Due to security resasons we should not see the table/views data have to work on metadata alone. The development or support activities on derived views required to save the work, for this we need execute access, by getting that we can see the data from the base tables. In this case how we can work with Metadata without having access to the data in the base or derived views? Please let me know is there any posibility to work like this. I appriciate your help on this. Thanks & Regards, Dhanunjaya P.

1 Answer

Hi, Virtual DataPort server by default expects user to have execute access to base views when creating derived view. However to address special scenarios like the one you have Virtual DataPort has features like [Resource Manager](https://community.denodo.com/tutorials/browse/resourcemanager/1usage), [Column Privlileges](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#column-privileges), [Row Restrictions](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#row-restrictions). If having one row from baseview is acceptable, I would set a plan in the Resource Manager such that any query executed would always yield only one record and would set this plan to be executed for the intended User/Role in the Virtual DataPort server. This helps for my derived view logic testing as well. As an alternative, I would set execute privilege in my base views with a Row restriction (with a dummy condition 1=0) and include all fields of the view to be masked. Then, I would have the below property run by the “admin” user from the VQL shell of the Virtual DataPort Administration Tool . * SET 'com.denodo.vdb.catalog.user.User.enableCheckViewRestrictionAlways' = 'true'; * SET 'com.denodo.vdb.catalog.user.User.checkViewRestrictionAlways' = 'true'; The above property allows for creating derived view over views which has restrictions and does not need Virtual DataPort server restarts. The downside of this approach is that all the data fields from base view would be masked as NULL and may not effectively help for testing the created/modified derived views. I would refer to the below link pointing to the user manual of the Virtual DataPort Administration Guide for more details on restrictions. * [Enforcing Column Privileges Row Restrictions and Custom Policies](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#enforcing-column-privileges-row-restrictions-and-custom-policies) Hope this helps!
Denodo Team
21-08-2019 07:22:00 -0400
You must sign in to add an answer. If you do not have an account, you can register here