I have configured a Redshift Datasource in Jboss teiid. I want to know how to make my Datasource Read Only. I know how make Read Only resources on VDB level using Dataroles (Ref:- https://github.com/teiid/teiid-quickstarts/blob/master/vdb-dataroles/src/vdb/portfolio-vdb.xml). But this would allow to create new VDBs which are not Read Only which is a vulnerability in my case. I want to do this in Datasource configuration level in domain.xml. Is there any guidance on how to do this.
I am not using teiid Designer and I configure Datasources editing the domain.xml file. I add the fallowing Datasource under the Datasources sub element in the domain.xml file
<datasource jndi-name="java:jboss/datasources/redshiftDS" pool-name="redshiftDS" enabled="true" use-java-context="true">
<connection-url>jdbc:redshift://***********.com:5439/schema</connection-url>
<driver>redshift</driver>
<security>
<user-name>${user_name}</user-name>
<password>${pw}</password>
</security>
<pool>
<!--min-pool-size>
10
</min-pool-size-->
<max-pool-size>
5
</max-pool-size>
</pool>
</datasource>
Is there any way I can configure the Datasource to be read only here. For an example adding something like
<access-permission>
read-only
</access-permission>
The simplest alternative from a Teiid perspective is to add a data role for any authenticated for all schemas that you don't users to have write access to:
<data-role name="read-only" any-authenticated="true" allow-create-temporary-tables="true">
<description>read only access</description>
<permission>
<resource-name>schema name</resource-name>
<allow-read>true</allow-read>
<allow-execute>true</allow-execute>
</permission>
</data-role>
There was a flag on translators to set them as immutable - but support for that was removed.