Denodo
    • 01 Sep 2024
    • 1 Minute to read
    • Dark
      Light
    • PDF

    Denodo

    • Dark
      Light
    • PDF

    Article summary

    PlainID offers a Data Authorizer integration pattern for this third-party vendor. For more information, see Data Access Authorization Patterns.

    The PlainID Denodo Authorizer utilizes the native denodo plugin interface. The plugin allows real-time access control during the data access request process. The PlainID Denodo Authorizer requires Denodo V8.0.1 and above. The Denodo Authorizer enables the Platform to leverage its Policy Resolution endpoint with fine-grained controls over data selection stored within the Denodo data management platform. Configuration requires setup in thePlatform as well as on the Denodo platform using the Denodo Virtual DataPort Administration Tool.

    The Denodo Plugin leverages the Policy Resolution authorization endpoint to enforce fine-grained controls over data selection within the API calls, based on the decision from the Policies.

    The Resolution Response includes the following components:

    • access” – Represents column level filtering. This section demonstrates the list of the allowed data items. Authorization Response token for Assets based on Asset Template type field.
    • privileges” – Represents row level filtering. This section will demonstrate the logical filtering of the data. “allowed” and “denied” Response showing the ruleset of the Assets based on Asset Template type data.
      • has access to (allowed).
      • does not have access (denied) due to restricted policies. Note: this section is not enforced by the Denodo plugin.

    With the option of getting two types of responses with one Authorization Request, Policy Resolution can also address very specific, complex use cases.

    Use Example

    image.png

    Explanation

    1. The end user access the app.
    2. The user is redirected to complete the authentication process on the IdP.
    3. The application / BI tool requests access to data through the Denodo data virtualization platform.
    4. The PlainID Authorizer requests an access decision from the PlainID PDP which responds with a dynamically calculated access decision based on the policies configured within the PlainID Authorization Platform.
    5. The response is translated to a filtered data query.
    6. The original query is modified based on the authorization policy for the end user.

    Was this article helpful?