Data Roles
Data roles are sets of permissions defined per virtual database and determining data access (CREATE
, READ
, UPDATE
, DELETE
, EXECUTE
, ALTER
, LANGUAGE
(CRUDEAL
)). Thanks to this permission system, the CData Virtuality Server can provide audit log entries which might be useful in case of access violation.
Before applying data roles, consider restricting source system access. The CData Virtuality Server can only access source entries represented in the imported metadata.
Here are some points to keep in mind:
- Any role can be assigned to any user;
- Every role has specific permissions;
- When a role is assigned to a user, this user gets all the permissions associated with this role, and a user with multiple roles will have all the permissions associated with every one of these roles.
User and Role Management
The CData Virtuality Server has special user and role management system procedures - they are described in a dedicated section.
To check if the current user has the given data role, you can use the HASROLE
function. This function can also be used in procedures or view definitions for value masking and row-level security, for example, if you need to create a procedure for retrieving and displaying data depending on the user's role.