You can translate the question and the replies:

How to modify the column names in the row level security assigned for AD groups.

Hi Team, Could you please help me with the vql command to modify the column names in the row level restriction for the AD groups and roles. For example before the RLS is implemented for the columns 'x' and 'y' now i have to change to column 'Y for all the roles . I have to change the column name in the Assign restriction- > condition for the view restriction. Let me know if the synatx is correct, if i want to list all the columns of the view with row restriction, action reject rows. Alter role rolename grant metadata execute when any then (column_name = ‘search_value’) on view_name Also let me know it will replace the existing one if I already have one.
user
28-02-2021 16:18:30 -0500

1 Answer

Hi, I would modify the row level restrictions assigned to a Role using the following VQL command, * First, revoke the existing privilege, `ALTER ROLE <role_name> REVOKE EXECUTE when() then 'column_name = search_value OR column_name = search_value’ on <db>.<view_name>;` * Then, alter the role with the new set of row level restrictions using the below command, `ALTER ROLE <role_name> GRANT EXECUTE on <db>.<view_name> GRANT EXECUTE when() then 'column_name = search_value’ on <db>.<view_name>;` Modifying the role privileges this way would remove the existing row level restriction and add the newly created restriction. For more information, take a look at the [Granting Privileges to a User/Role](https://community.denodo.com/docs/html/browse/8.0/en/vdp/vql/creating_databases_users_roles_and_access_privileges/managing_users/modifying_the_privileges_of_a_user#granting-privileges-to-a-user-role) section of Virtual DataPort VQL Guide. Hope this helps!
Denodo Team
01-03-2021 04:30:03 -0500
You must sign in to add an answer. If you do not have an account, you can register here