Collaborators
You can explicitly manage access to individual data source connections that use shared credentials in Data Virtualization by adding collaborators to the connection. When you create a data source connection, you can assign users, user groups, and roles as collaborators. Only those collaborators can access the data source connection.
For example, after a data source is added, you can add the Engineer as a collaborator. All users who are assigned that role can access the connection. If you want some engineers, but not all users with that role, to have access to a data source, you would remove the role as a collaborator and then add individual users as collaborators.
If no collaborators are added other than the connection owner, then the connection is private and no one else can access it.
For more information about how to add collaborators and grant privileges, see Connecting to data sources in Data Virtualization.
Connection privileges
You assign specific privileges to collaborators to manage the actions that they can perform on a restricted data source.
If you assign the Engineer as a collaborator for a connection, and then grant the role the REF privileges, all engineers can virtualize data using the connection.
You can assign the following connection privileges to users, user groups, or roles (Grantees) when you manage access restrictions for data source connection:
- CONTROL
- The CONTROL privilege enables collaborators to drop or transfer the connection. This privilege includes the ALTER, DATAACCESS, and REF privileges. The CONTROL privilege cannot be regranted to collaborators.
- ALTER
- The ALTER privilege enables collaborators to edit the connection and set filters on it.
- DATAACCESS
- The DATAACCESS privilege enables collaborators to preview an object from the connection.
- REF
- The REF privilege enables collaborators to browse schemas, tables, and views, and to virtualize objects from the connection.
For more information about how to add collaborators and grant privileges, see Connecting to data sources in Data Virtualization.
Access control
Data Virtualization APIs and stored procedures explicitly check a user's privileges before allowing the user access to the data source connection to browse, preview, or virtualize data.
In the setRdbcX stored procedure, use the Options argument to enable and add access restrictions in Data Virtualization. For more information, see setRdbcX stored procedure (Variation 2). or setRdbcX stored procedure (Variation 1).