Home / Q&A / base view fals when select granted on columns subset
You can translate the question and the replies:

base view fals when select granted on columns subset

Hallo Denodo Team I am experimenting with authorizations and permissions. On a mysql database I gave select grant to a user on a subset of a table's columns. I created denodo base views as an "unrestricted" user. When I log into denodo as the "restricted" user (authentication being set to pass-through), I expected to query the aforementioned base view and see the columns for which select   permission was granted, but the query failed because it involved all columns. What is wrong in my course of actions? Thank you Alberto
MySQL Grant pass-through
user
02-02-2019 15:27:22 -0500

3 Answers

Hi, For your scenario, I would recommend to execute the query on the VQL shell for which the user has the appropriate column permission in Pass-Through credential mode. For example : `select <column 1>,<column2>,<column n> From <View_name>` For detailed information, you can refer to section [Considerations When Configuring Data Sources with Pass-Through Credentials ](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/appendix/considerations_when_configuring_data_sources_with_pass-through_credentials/considerations_when_configuring_data_sources_with_pass-through_credentials) of the Virtual DataPort Administration Guide. Hope this helps!
Denodo Team
04-02-2019 04:28:24 -0500
Hallo Team, thank you for the answer. What if the VQL shell is not a viable solution? I am thinking of an external reporting tool, for instance. Should we define different projection views for each different user/role? Thank you in advance
user
05-02-2019 06:33:36 -0500
Hi, Yes, creating different projection views is an option. I would prefer handling the permissions in the Denodo than underlying datasources. You can MASK the values of column rather than making the query fail based on USER/ROLE restrictions. This way you don't need to create different projections views. For more details, you can refer to [User and Access Right in Virtual DataPort](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#user-and-access-right-in-virtual-dataport) of the Virtual DataPort Administration Guide. You might be interested in section 'Mask sensitive fields if any or all of them are used' under Row Restrictions. Hope this helps!
Denodo Team
04-04-2019 08:01:57 -0400
You must sign in to add an answer. If you do not have an account, you can register here