Denodo Security Checklist

Applies to: Denodo 8.0
Last modified on: 13 Jul 2022
Tags: Administration Kerberos LDAP SSL Security

Download document

You can translate the document:


This document guides readers through the different steps to secure a Denodo installation.

Post-installation checklist


Comply (Y/N)





Is the update to be installed downloaded from the Support Site?


How to identify the Denodo Platform version and update installed

Is there a user with proper privileges to install the update?

Is the latest update installed?

Changed the default password of ‘admin’ account (or) created a new administrator user and then, remove the user ‘admin’ account?


Is transparent data encryption enabled to encrypt the default Derby database? (if used)

Transparent Metadata Encryption



 SSL/TLS Configurator Script

Is there a SSL certificate self-signed or from a CA for the Denodo server? (if applicable)


Is SSL configured in the Denodo servers? (if applicable)


Is SSL configured in the Denodo Platform tools? (if applicable)


Is SSL configured in the Embedded Web Container? (if applicable)


Is SSL configured for external clients? (if applicable)


Are the certificates of Data Sources imported in the Denodo truststore? (if applicable)


Only if the VDP server needs to use SSL to connect to Data Sources.

Is SSL configured in the Solution Manager?(if applicable)

Enable SSL/TLS in the Solution Manager

Is SSL configured in the Solution Manager tools? (if applicable)


Are roles defined?


This may be done during deployment instead of during installation.

Are privileges assigned?


This may be done during deployment instead of during installation.

Types of Access Rights

Are security restrictions defined with Global Security Policies? (if applicable)

Global Security Policies




Is the LDAP data source defined? (if applicable)


Virtual DataPort Admin Tool.

Is the database configured to delegate authentication to LDAP? (if applicable)


This may be done during deployment instead of during installation.


Does the Solution Manager delegate authentication to external identity providers like SAML, OAuth, OpenID ?  (if applicable)

Denodo Security Token


Is Kerberos Authentication set up ? (if applicable)

Setting-up Kerberos Authentication

Credentials Vault

Is integration with Credentials Vault enabled to obtain the credentials of JDBC data sources?

Credentials Vault


Is an information security audit running every few months?

Auditing User Access in Virtual DataPort

Are Resource Manager rules set to reject requests from unknown IPs?


Resource Manager


Denodo Security Overview


Ask a question
You must sign in to ask a question. If you do not have an account, you can register here

Featured content


Ready for more? Great! We offer a comprehensive set of training courses, taught by our technical instructors in small, private groups for getting a full, in-depth guided training in the usage of the Denodo Platform. Check out our training courses.