For your scenario, I would create a [JDBC data source](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/creating_data_sources_and_base_views/jdbc_sources/jdbc_sources) using “**pass-through session credentials**” as an authentication type in Virtual DataPort Server. This allows Virtual DataPort to connect to SQL Server using the credentials of the user that executes the query.
Then, I would make sure to [create users](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/creating_users#creating-users) with the same credentials of the data source by navigating to the ‘**Administration > User Management**’ tab in Virtual DataPort Administration Tool.
For example, lets say a user “test_user” executes a query selecting the column which is restricted in MS SQL Server like “SELECT <data_source_restricted_field> FROM view_name” in VQL Shell.
During the execution, Virtual DataPort server will pass the session credentials to the data source which will apply the defined restrictions and then, will execute or throw permission exception accordingly.
You can take a look at the [Considerations When Configuring Data Sources with Pass-Through Credentials](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/appendix/considerations_when_configuring_data_sources_with_pass-through_credentials/considerations_when_configuring_data_sources_with_pass-through_credentials) section of Virtual DataPort Administration Guide for more information.
Hope this helps!