...
See who has access to views or columns (and their dependents)
The view admin.execute_permission_view has been created to help audit who has execute access to to a view and/or their dependents.
For example, to see who has execute access to views with columns containing visa or citizen that isn’t a Denodo admin, you can run the following query:
| Code Block |
|---|
SELECT
epa.parent_database_name,
epa.parent_view_name AS view_name,
epa.parent_column_name AS column_name,
epa.parent_column_distinct_query AS distinct_query,
epa.parent_datasources AS datasources,
epa.child_database_name AS child_vdb,
epa.child_view_name AS child_view_name,
epa.child_column_name AS child_column_name,
epa.child_column_distinct_query AS child_distinct_query,
group_concat(DISTINCT epa.access_role) AS access_role_concat,
group_concat(DISTINCT epa.user_name) AS user_name_concat
FROM admin.execute_permission_audit epa
WHERE
(
epa.parent_column_name like '%citizen%'
OR epa.parent_column_name like '%visa%'
)
AND epa.user_name is not null
AND epa.user_name not in (
SELECT user_name FROM admin.f_ad_user_groups WHERE group_name in ('grp_ds_denodo-admin', 'denodo-admin')
)
GROUP BY 1,2,3,4,5,6,7,8,9; |
Example result:
...
This view has been deployed in all environments, and be access in either Design Studio or Data Catalog
https://denodo-dev.it.tufts.edu:9443/denodo-data-catalog/#/view/admin/execute_permission_audit
User Guide
| Anchor | ||||
|---|---|---|---|---|
|
...