此内容没有您所选择的语言版本。

2.2. Data Roles

The Data Roles example demonstrates how data roles can be used to control access to data. This includes read-only and read-write access roles.

Note

All the code discussed in this example is available in the dynamicvdb-dataroles quickstart. See the EAP_HOME/quickstarts/dynamicvdb-dataroles/README.md for directions to run the quickstart.

In this example, the VDB (portfolio-vdb.xml) is defined with the two different data access roles:

read-only
The read-only role restricts access of the VDB to read only access (that is, select). This role is assigned to all the users who have a login credential (you can use the user called 'user' with password 'user').
read-write
The read-write role grants read and write access (i.e., insert/update/delete). This role is assigned only to the users with 'superuser' JAAS role (you can use the 'portfolio' user with password 'portfolio').

Following is an example of the read-write data-role in the portfolio-vdb.xml:

<data-role name="ReadWrite">
	<description>Allow Reads and Writes to tables and procedures</description>
		
	<permission>
		<resource-name>Accounts</resource-name>
		<allow-create>false</allow-create>
		<allow-read>true</allow-read>
		<allow-update>true</allow-update>
	</permission>
	 			
	<permission>
		<resource-name>MarketData</resource-name>
		<allow-create>false</allow-create>
		<allow-read>true</allow-read>
		<allow-update>true</allow-update>
	</permission>
 			
	<!--
		This role must defined in the JAAS security domain, the sample UserRolesLoginModules based roles file is provided in this sample directory. Copy these teiid-security-roles.properties and teiid-security-users.proeprties into EAP_HOME/modules/system/layers/dv/org/jboss/teiid/conf directory and replace the old ones.
	-->
	 			
	<mapped-role-name>supervisor</mapped-role-name>
</data-role>

<data-role name="ReadWrite">
	<description>Allow Reads and Writes to tables and procedures</description>
		
	<permission>
		<resource-name>Accounts</resource-name>
		<allow-create>false</allow-create>
		<allow-read>true</allow-read>
		<allow-update>true</allow-update>
	</permission>
	 			
	<permission>
		<resource-name>MarketData</resource-name>
		<allow-create>false</allow-create>
		<allow-read>true</allow-read>
		<allow-update>true</allow-update>
	</permission>
 			
	<!--
		This role must defined in the JAAS security domain, the sample UserRolesLoginModules based roles file is provided in this sample directory. Copy these teiid-security-roles.properties and teiid-security-users.proeprties into EAP_HOME/modules/system/layers/dv/org/jboss/teiid/conf directory and replace the old ones.
	-->
	 			
	<mapped-role-name>supervisor</mapped-role-name>
</data-role>

Copy to Clipboard

Toggle word wrap

To see how the users and roles are defined for JAAS, see the EAP_HOME/quickstarts/src/dynamicvdb-dataroles/security/teiid-security-roles.properties and EAP_HOME/quickstarts/src/dynamicvdb-dataroles/security/teiid-security-users.properties files. The teiid-security-users.properties file is used by JAAS to determine user credentials (that is, login ID and Password) and the teiid-security-roles.properties file maps the username to the <mapped-role-name> element.

返回顶部

此内容没有您所选择的语言版本。

2.2. Data Roles

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links