0

I want to use the teiid data roles functionality. This works as I can enable write access etc. for an admin user only for example. Accessing the data by the oData API nicely shows an login dialog and all works. Now I want other users (anonymous users, users "not logged in") to be able to read certain tables. So I also created a data role "visitor" with read access to all tables, but this doesn't seem to work as I get the error message:

TEIID30492 User <anonymous> is not entitled to action <CREATE> for 1 or more of the groups/elements/procedures.'

Also enabling "apply this role to all users" and defining an anonymous user doesn't seem to work.

So it looks like I have to assign permissions to some kind of "anonymous user" to get this working. Any ideas? Thanks.

Creating two different vdb's with different permissions could also be a solution, but can be more maintenance etc.

Mr Lister
  • 45,515
  • 15
  • 108
  • 150
Daniel van Mil
  • 147
  • 8
  • Did you disable the authentication on OData? But that will disable for every one. As you may know in HTTP call you can restrict or allow user on given url context, you can not do both. IMO, create a dummy user visitor and give it visitor role. Also look how this work over JDBC with "any-authenticated" flag at https://teiid.gitbooks.io/documents/content/reference/XML_Definition.html – Ramesh Reddy Sep 20 '16 at 21:37
  • Yes, the authentication on oData in the odata4 web app is completely disabled and I was trying to achieve a more fine grained authentication with the data roles functionality. So overrule/implement a request wrapper (or else) that returns a default dummy "visitor" user for the getRemoteUser/isUserInRole etc. The any-authenticated would not be needed then I think as I can assign rights to this specific "visitor" user then. Thanks. – Daniel van Mil Sep 21 '16 at 08:05

0 Answers0