Security: roles, users, permissions - Prod Denodo 7.0 , Denodo 6.0 , Denodo 5.5 , Denodo 5.0
Denodo Platform allows you to define a complete security infrastructure in which each user can be assigned specific permissions on each of your databases, and these permissions can be grouped into roles for easier maintenance. Roles can also be hierarchical.
Using roles is, in fact the recommended security setup for most installations.
Denodo distinguishes two types of users:
- Administrators. These can create, modify and delete databases in a DataPort server without any limitation. Likewise, they can also create, modify and delete users. When the server is installed, a default administrator user is created whose name is admin and whose password is also admin. This user can never be deleted.
- Normal users. These cannot create, modify or delete users. They cannot create or delete databases, although they can have connection, read, create or write privileges to one or several databases or to specific views contained therein.
The first step to be taken by the administrator should be the change of the password of the default user.
It is also recommended to create normal user accounts for the developers using the tool. LDAP or Active Directory users and groups can be configured and used if the organization uses such systems for authentication.
It’s also a good practice to set up a specific user for each consuming application. This user should be a “normal user” with privileges only for the views that are going to be used by the application. This way, all the auxiliary views and data sources will be hidden, offering an interface for the application developers completely independent from the original sources, and easier to understand.