I have configured a Redshift Datasource in JBoss Teiid. I want to know how to make my Datasource read-only. I know how to make read-only resources at the VDB level using data roles (Ref: https://github.com/teiid/teiid-quickstarts/blob/master/vdb-dataroles/src/vdb/portfolio-vdb.xml). But this would still allow creating new VDBs which are not read-only, which is a vulnerability in my case. I want to do this at the Datasource configuration level in domain.xml. Is there any guidance on how to do this?

I am not using Teiid Designer and I configure Datasources by editing the domain.xml file. I add the following Datasource under the Datasources sub-element in the domain.xml file:

    <datasource jndi-name="java:jboss/datasources/redshiftDS" pool-name="redshiftDS" enabled="true" use-java-context="true">
        <connection-url>jdbc:redshift://***********.com:5439/schema</connection-url>
        <driver>redshift</driver>
        <security>
            <user-name>${user_name}</user-name>
            <password>${pw}</password>
        </security>
        <pool>
            <!--min-pool-size>10</min-pool-size-->
            <max-pool-size>5</max-pool-size>
        </pool>
    </datasource>

Is there any way I can configure the Datasource to be read-only here? For example, by adding something like:

<access-permission>
   read-only
</access-permission>

2 Answers


Mark all your tables as non-updatable. If you are using Designer, there is a property on the table or columns, or you can do the same using DDL too.

Ramesh Reddy
  • I am not using Teiid Designer and I am editing the domain.xml file, adding new Datasources under the Datasources sub-element in the domain.xml file. I have edited the question with more specifics about my scenario. I would like to know whether there is any property element like the one I mentioned above in the question which I can add in the domain.xml file – Sanjewa Ranasinghe Dec 20 '17 at 04:29

The simplest alternative from a Teiid perspective is to add a data role for any authenticated user for all schemas that you don't want users to have write access to:

<data-role name="read-only" any-authenticated="true" allow-create-temporary-tables="true">
    <description>read only access</description>
    <permission>
        <resource-name>schema name</resource-name>
        <allow-read>true</allow-read>
        <allow-execute>true</allow-execute>
    </permission>
</data-role>

There was a flag on translators to set them as immutable - but support for that was removed.

Steven Hawkins
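A data role only protects the VDB that declares it, which is the gap the question raises. As an added example (not code from either answer or from Teiid), the check below could be run over each vdb.xml before deployment to report anything that is not read-only. The sample VDB documents and the schema name are constructed, and treating a VDB with no data roles as unrestricted is an assumption.

```python
import xml.etree.ElementTree as ET

# Permission elements in a Teiid data role that grant more than read/execute.
WRITE_FLAGS = ("allow-create", "allow-update", "allow-delete", "allow-alter")

def is_true(value):
    return (value or "").strip().lower() == "true"

def audit_vdb(vdb_xml):
    """Return a list of findings; an empty list means the VDB is read-only."""
    root = ET.fromstring(vdb_xml)
    roles = root.findall("data-role")
    if not roles:
        # Assumption: with no data roles declared, nothing restricts writes.
        return ["no data-role defined: nothing restricts writes"]
    findings = []
    for role in roles:
        name = role.get("name", "?")
        if is_true(role.get("grant-all")):
            findings.append(f"role {name}: grant-all")
        for perm in role.findall("permission"):
            resource = (perm.findtext("resource-name") or "").strip()
            findings += [f"role {name}: {flag} on {resource}"
                         for flag in WRITE_FLAGS if is_true(perm.findtext(flag))]
    return findings

# Constructed sample documents (not from the page); "redshift" is a made-up schema name.
READ_ONLY_VDB = """<vdb name="reports" version="1">
  <data-role name="read-only" any-authenticated="true" allow-create-temporary-tables="true">
    <permission>
      <resource-name>redshift</resource-name>
      <allow-read>true</allow-read>
      <allow-execute>true</allow-execute>
    </permission>
  </data-role>
</vdb>"""
WRITABLE_VDB = READ_ONLY_VDB.replace(
    "<allow-read>true</allow-read>",
    "<allow-read>true</allow-read><allow-update>true</allow-update>")
NO_ROLES_VDB = '<vdb name="adhoc" version="1"/>'

if __name__ == "__main__":
    for label, doc in [("read-only", READ_ONLY_VDB), ("writable", WRITABLE_VDB),
                       ("no roles", NO_ROLES_VDB)]:
        print(label, "->", audit_vdb(doc) or "OK")
```

The check assumes vdb.xml files without an XML namespace, as in the quickstart linked in the question.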