You can translate the document:


Collibra is a platform that provides data governance and data quality functionalities.

In this document we will work with an existing database that has already been created in Collibra starting from a Denodo virtual database.

We will use this database to create some tags and establish a security classification in one of its tables. After assigning them, we will import them to Denodo using two methods: one using the  Import Tags from External Catalog functionality and the other method will be using the stored procedure CREATE_TAGS_FROM_COLLIBRA. Then, we will create a Global Security Policy to restrict the access to restricted information for some users.

NOTE: these features are only available with the subscription bundle Enterprise Plus. To find out the bundle you have, open the About dialog of the Design Studio or the Administration Tool. See more about this in the section Denodo Platform - Subscription Bundles.



First, in Collibra’s dashboard we need to search for our domain. In our example this domain is called Denodo Logical Data Fabric.

In our domain, we can see that it has two Physical Data Dictionaries. We are going to use LDW Performance, so we have to click on it to see the assets that were created in the integration of the Denodo Database in Collibra.

Physical Data Dictionary

We can see in the image below that there are different types of assets in the Physical Data Dictionary LDW Performance and we need to filter with the asset type: Table. To filter it:

  1. Click on “Edit”  filters.

  1. To obtain the tables we introduce “table”, check the box and click on ”Apply”.

We can see that we have five tables. We will use the sample_ldw table.


By clicking on the table sample_ldw, we see that we have three columns:

  1. product_line_code:  where we will assign to it a tag called “product_line”.
  2. retailer_name: where we will assign to it a tag called “Retailer”.
  3. total_sales: where we will establish a security classification.


Assigning tags allows you to navigate to the information in an easy way. To assign the tags in Collibra we need to click on each column and go to the details section where we can configure  the tags:

  1. Edit the tags section.
  2. Introduce the tag that we want.
  3. Click “Save”.

After following the previous steps, we have assigned the tags to the columns product_line_code and retailer_name.

Security classification

Security classifications allow you to classify the assets based on sensitivity. In our case, we are establishing the total_sales column as a restricted asset. In general, to assign the security classification to a column we can do it from the details section::

  1. Edit the Security Classification section.
  2. Select “Restricted”.
  3. Click “Save”.

After doing the previous steps, we have assigned the Security Classification “restricted” to the column total_sales.

Importing Collibra tags in Denodo

After defining the tags and the security classification in Collibra, we can import them to Denodo. As we have said in the introduction, we will do it in two different ways.

Import Tags from External Catalog

The first option is using  the Import Tags from External Catalog functionality, to use this functionality in the Web Design Studio, go to Administration > Semantic and governance > Import Tags from External Catalog. There, in the configuration tab, we need to select Collibra as a catalog, introduce the URL and our user/password for Collibra.

In the External catalog tab:  we need to select Collibra as catalog, our scope, the tags that we want to import, the Security Classification attribute and click on “Execute”.

The Security Classification is imported by default as an attribute from Collibra. It will be created as a tag in Denodo, the tag name will be like: “Security Classification > <name of the security classification>”” and also a description will be added.

After executing, we can see that three tags were added to the view columns. Then, we click on “Accept changes”.

Also, we can see the new tags in the tab “Tags” of the Design Studio.

Stored procedure

In order to retrieve and import the tags from Collibra using the stored procedure CREATE_TAGS_FROM_COLLIBRA. First, we need to configure the access to Collibra. Let us say that the credentials are:

  • URL:
  • User: cl-user
  • Password: cl-password


Then, we have to set the configuration properties. For securing the password value, we encrypt it.

ENCRYPT_PASSWORD 'cl-password';

Now, execute these commands:

SET 'com.denodo.vdb.contrib.ext.datagov.collibra.connection.url'='';

SET 'com.denodo.vdb.contrib.ext.datagov.collibra.connection.user'='cl-user';

SET 'com.denodo.vdb.contrib.ext.datagov.collibra.connection.password.secret'='encrypted:uq2Ldx0oXTIscUU/KmiVtZfFaGs';

Once the access is configured, we can run a query with the following parameters:

  1. input_scope: name of the Collibra scope where Virtual DataPort will search for metadata.
  2. input_attribute_names: names of the Collibra attributes which we want to retrieve.
  3. input_include_tags: if Collibra tags are retrieved.
  4. input_include_attributes: if Collibra attributes are retrieved.
  5. input_action = ‘Create’: indicates what the procedure has to do, in this case it  accesses Collibra, returns the tags and attributes information and stores that information into Virtual DataPort..
  6. input_attribute_name_as_prefix: indicates if the tags created at Virtual DataPort from Collibra will have the attribute name as prefix.

SELECT element_type, database_name, view_name, column_name, tag, tag_description, assignment_status


WHERE input_scope = 'Denodo Logical Data Fabric Scope'

    AND input_attribute_names  = {row('Security Classification')}

AND input_include_tags = true

AND input_include_attributes = true

AND input_action = 'CREATE'

AND input_attribute_name_as_prefix = true;

If we execute the previous query we obtain the following result and the tags will be under the “Tags“ tab.


Global security policy

Now, we will create a Global security policy to hide the total sales information for a user that does not belong to the Finance Department. In our example we will create two users. The first user is the finance manager and the second user user2 is a user who does not belong to the Finance department.

Users creation

For creating the users we have to go to Administration > User management. Then, we click on “New” and we introduce the name of the user that we want to create.

Role creation and privileges

We have to create a role for the finance manager. So we go to Administration > Role management. There, we click on “New” and we introduce the role name.

After creating the role for assigning the privileges we click on the three dots and then on “Edit privileges”.

There, we grant permissions to this role to connect to the ldw_performance database:

Then we click on the cell for the column “Advanced” and we gran permissions to this role to execute the view sample_ldw.

Finally, we add this role to the finance_manager user.

Global security policy creation

To create a global security policy  we need to go to Administration > Semantic and governance > Global security policies:

  1. Click on “New”.
  2. Enter the name of the Global security policy.
  3. Applies to roles not in list: "finance_manager"
  4. Applies to  'All views', from database: "ldw_performance",
  5. Restriction 'Mask columns tagged with any of these tags' : "Security Classification > Restricted".
  6. Number masking: ‘Hide’.


If we log in with the finance_manager user we can see in the following image that we can view sales information.

But if we log in with user2 we can see that the sales information is hidden. So, the Global security policy has worked.



Import Tags from External Catalog


Global Security Policies

Connecting Collibra to Denodo


Ask a question

You must sign in to ask a question. If you do not have an account, you can register here