DEN80EDU21S Denodo Security Management - Labs Guid

Labs Guide
Denodo Platform 8.0

Revision 20200901
NOTE
This document is confidential and proprietary of Denodo Technologies.
No part of this document may be reproduced in any form by any means without
prior written authorization of Denodo Technologies.
denodo.com Denodo Security Management 1

Labs Guide
Contents
Contents 2
User Authentication: 3
Creating a new user 3
User Authorization 5
Creating roles 5
Assigning roles in Solution Manager 8
LDAP Authentication 12
Create a data source from Active Directory 12
Import roles from MS Active Directory 13
Configure database with LDAP authentication 17
Enabling LDAP Authentication in Solution Manager 19
Advanced Privileges 22
Assign advanced privileges to LDAP users 22
Single Sign On 26
Configuring Single Sign On using Keycloak 26
Security in Transit 34
Enabling TLS using the TLS Configurator Script 34
Connecting to a secure data server using TLS 38
Further work 42

Labs Guide
User Authentication
Reference: DEN80EDU21S01
Creating a new user

Reference: DEN80EDU21S01LAB01
The aim of this lab is to understand the different types of the Users and authentication available
in Denodo Platform. You will have to:
1. Open the Virtual DataPort Administration Tool and login with credentials
● Username: admin
● Password: admin
2. Navigate to the Administration from Menu bar and choose User Management.
3. Click “New” and enter below details
● Login: local_user
● Description: Local user created for the Denodo Training 8.0
● User type: Normal User
● Click the drop to explore the other options
● Authentication: Normal
● Password: local
● Retype password: local
4. Click “OK” to complete the creation.

Labs Guide
5. Logout using File > Disconnect.
6. Login again with
● User name: local_user
● Password : local

Labs Guide
7. What is the output? Why is there an error what does the error signify?
8. We will look at how to get past this error in the upcoming lab.

Labs Guide
User Authorization
Creating roles
Reference: DEN80EDU22ADS04LAB01
The Aim of this lab is to explore the user privileges and roles which is a collection of the
assignment of privileges to users. We will continue from the previous lab, where we created a
user called local_user whom we will grant privileges to connect to the Virtual DataPort. Let's get
started, we will,
1. Login to Administration Tool with default credentials.
2. Navigate to File > Role Management.
3. Click New option provide below values to create the new role.
a. Name: vdp_developer
4. Click Ok to create the role.

Labs Guide
5. Select the role vdp_developer and click Assign Privileges to access the privilege menu.
6. Select the below privileges over denodo_training database
a. Connect
b. Metadata
c. Execute
d. Write
7. Click “OK” to set up the privileges.
8. Assign the role to the user we created in the previous lab to allow the user to inherit this
privilege. You have to:

Labs Guide
a. Navigate to the Administration > User Management.
b. Select local_user and click on Assign role.
c. Choose the vdp_developer r ole.
d. Click “Ok” to save.
9. Disconnect using File > Disconnect.
10. Login back again with
a. Login: local_user
b. Password: local

Labs Guide
Assigning roles in Solution Manager

Aim of the this lab is to help us understand the authorization settings available on Solution
Manager for the users, in this lab we are going to setup a user and role to access various
environments in Solution Manager, the steps are:
1. Open the Solution Manager Administration Tool login using
a. Login: admin
b. Password: admin
2. Navigate to the Configuration > Role Management.
3. Click “New” and provide the below details.
a. Name: developer_solution_manager
b. Description: Developer.

Labs Guide
4. Click “Save” to finish the role creation.
5. Lets create a user for the Solution Manager to inherit the role
a. Navigate to Configuration > User Management.
b. Click “New” and provide the below details
● Name: solution_manager_user
● Password: denodo

Labs Guide
c. Click the “Assign Role” and choose the role “solution_manager_developer”
6. Now that we have the user and a role assigned, let's continue to configure the
permissions for the role
a. Navigate to Configuration > Permissions.

Labs Guide
b. Click the Key symbol in the Training environment and provide all privileges.
c. Click “New” and choose the role developer_solution_manager.
d. Click Add role to finalize the privileges.
e. Choose all the privileges and click save.
7. We have all the required user, role and permissions, let's test it.
a. Logout the Solution Manager Administration Tool.
b. Log back in with
● User: solution_manager_user
● Password: denodo

Labs Guide
c. Choose the environment from the My Applications area to see the tools for
specific environments.

Labs Guide
LDAP Authentication
Create a data source from Active Directory

Reference: DEN80EDU22ADS05LAB01
Aim of this lab is to explore the set up required by the Virtual DataPort to successfully integrate
with a LDAP in the organization. To achieve this we are going to create a LDAP datasource that
will allow us to communicate with LDAP. The steps are:
1. Login to Virtual DataPort Administration Tool using default credentials,
a. Login: admin
b. Password: admin
2. Click File > New > Datasource > LDAP and enter the below details.
a. Name: ds_active_directory
b. Server URI: ldap://data-server:10389/dc=denodo,dc=loc
c. Login: uid=admin,ou=system
d. Password: admin
3. Click Test Connection to validate the details entered.
4. Save the datasource.

Labs Guide
5. Move the datasource to 1 - connectivity/1 - data sources folder.

Labs Guide
Import roles from MS Active Directory

Aim of this lab is to further explore the integration of Denodo Platform with LDAP, in the previous
lab we created the connection to the LDAP from the Virtual DataPort. Lets import the
entitlements, that is, roles for the LDAP Server simplifying the management of the role, we will,
Note: Please check that these roles do not have any other roles or privileges assigned other
than the once mentioned above.
1. Login to Virtual DataPort Administration Tool using default credentials,
a. Login: admin
b. Password: admin
2. Navigate to the Administration > Role Management.
3. Click Import Roles and enter the below details,
a. Database: denodo_training
b. Datasource: ds_active_directory
c. Role Base: OU=groups, DC=denodo, DC=loc
d. Attribute with role name: cn
e. Attribute with role description: cn
f. Role Search pattern: (objectClass=groupOfNames)

Labs Guide
4. Select all the roles of the LDAP and click Create roles.
5. Click okay on the summary of the roles created.
6. Provide Privileges to various imported roles, the details are,
a. For Role Executive

Labs Guide
● Admin privilege for the entire denodo_training database
b. For Role Data analyst
● Connect privilege for the denodo_training database
● “Metadata” and “Write” privilege on all the services under “5 - Data

services” folder
● Right click on the folder on the advanced privileges.

Labs Guide
● “Execute” on all views under “2- Integration” folder.
● Click Ok till the screen exits to save the changes.
c. For Role Sales

Labs Guide
● Assign the roles “data_analyst” and “data_catalog_exporter” to this role.
d. For Role IT:
● Assign the role “serveradmin” to this role.

Labs Guide
Configure database with LDAP authentication

Aim of this lab is to configure the Virtual Database to allow login using LDAP. Continuing with
previous labs, that is, integrating with the LDAP for Authorization, so far we have created a
datasource to connect to LDAP and imported the existing groups as roles, to finish the setup we
will configure the Virtual Database to delegate authentication to LDAP. We will
1. Login to Virtual DataPort Administration Tool using default admin credentials.
2. Go to Administration > Database Management.
3. Choose the database denodo_training and click edit.
4. Choose Authentication Type as LDAP and enter the below details.
a. Database: denodo_training
b. Datasource: ds_active_directory
c. User base: OU=Users,DC=denodo,DC=loc
d. Attribute with user name: uid
e. User search pattern: (&(objectClass=person))
f. Role Base: OU=groups, DC=denodo, DC=loc
g. Attribute with role name: cn
h. Role Search pattern: (&(objectClass=groupOfNames)(member=@{USERDN}))
5. Click “Ok” to save the configuration.

Labs Guide
6. We have setup the LDAP Authentication successfully, lets validate the settings
a. Logout of Administration Tool.
b. Login with the user with IT role, use the below credentials.
● cward3 / Denodo00
● Check the privileges, are they as expected?
c. Logout again and login with user of Executive role
● rmurray2 / Denodo00
● Correlate with the permission we gave earlier, are they expected?
d. Logout and log back in with a user of Accounting role
● hrice23 / Denodo00
● Are you able to access the server? If not, why?

Labs Guide
Enabling LDAP Authentication in Solution Manager

Aim of this lab is to outline the steps for configuring the LDAP authentication with Solution
Manager. Similar to Virtual DataPort you can perform the LDAP integration with Solution Manager
as well, including importing roles and providing relevant permissions, the steps are
1. Open Solution Manager Administration tool and login with default admin credentials.
a. Login: admin
b. Password: admin
2. Go to Configuration > Authentication and open the L

DAP Configuration, enter the
below details
a. LDAP Authentication Enabled as Yes
b. Server URI: ldap://data-server:10389/dc=denodo,dc=loc
c. Login: uid=admin,ou=system
d. Password: admin
e. uncheck Use GSSAPI SASL
f. User base: OU=Users,DC=denodo,DC=loc
g. Attribute with user name: uid
h. User search pattern : (&(objectClass=person))
i. Role base : OU=groups, DC=denodo, DC=loc

Labs Guide
j. Attribute with role name : cn
k. Role Search pattern: (&(objectClass=groupOfNames)(member=@{USERDN}))
l. Click save to finalize the settings.
m. Ensure the message with saved successfully is shown

Labs Guide
3. Import the roles from the LDAP, follow the below steps
a. Go to Configuration > Role Management
b. Click on Import Roles from LDAP, provide the below details for the fields,
● Role Base: OU=groups, DC=denodo, DC=loc
● Attribute with role name: cn
● Attribute with role description: cn
● Role Search pattern: (objectClass=groupOfNames)
c. Select all the roles of AD and click create roles
4. Inherit a role we have configured in the previous lab to setup permissions, do:
a. Click the assign roles button for the role IT.

Labs Guide
b. Choose the role developer_solution_manager a

nd click save.
5. Logout and login as
a. Login: mcrawford9
b. Password: Denodo00

Labs Guide
Advanced Privileges
Assign advanced privileges to LDAP users

Aim of this lab is to configure advanced column and row restrictions for the views to ensure the
data privacy requirements are met, we will
1. Login to Virtual DataPort Administration Tool with the default admin credentials.
2. Go to Administration > Role management and select data analyst role
3. Click Assign privileges > edit option.
4. Provide the execute privilege to bv_hr_employees.

Labs Guide
5. Click “Assign column privileges” to open the advanced restriction configuration.
6. Choose the fields ‘employee id’, ‘first name’, ‘last name’, ‘email’, ‘salary’, ‘manager id’,
‘department id’ and 'salary' and click ok

Labs Guide
7. Click Assign restrictions > New Restriction
8. Add conditions by clicking the “Plus” icon and add the below condition
a. concat(getsession('user'),'@mail.com
9. Select reject row if the sensitive field is used.

Labs Guide
10. Choose Salary as a sensitive field by clicking the plus icon next to the field.
11. Click a series of “Ok” to follow to the main screen.
12. Lets perform certain steps to validate the above settings
a. Logout and login with user who has Executive role
● rmurray2 / Denodo00
● What views can you see? Can you execute all the views?
b. Logout and login with user who has Sales role
● dcox19 / Denodo00
● Execute the view bv_hr_employees and observe the results. Is there an

error? If so, why?

Labs Guide
● Lets execute the same view but with selected fields, execute the below in
VQL Shell.
● select employee_id, first_name,last_name from

bv_hr_employees
● Further lets try to access the sensitive field and see what is the results
● select employee_id, first_name, last_name, salary

from bv_hr_employees

Labs Guide
Single Sign On
Configuring Single Sign On using Keycloak

Aim of this lab is to walk through the steps required to set up the Single Sign On with Keycloak in
Virtual DataPort. Starting Denodo 8.0, Single Sign On is possible with external iDP using various
schemas, like OAuth, OpenID and SAML, along with the existing Kerberos SSO. Let's go through
the steps, the steps are:
1. First lets check the Client configuration available in the Keycloak.
a. Login to the KeyCloak, point the browser to http://data-server:8585/auth/
b. Choose the Administration Console from the landing page
c. Credentials:

Labs Guide
● Username: denodo / Password: denodo
d. Click the Clients on the explorer on the left side of Administration Console
e. Choose denodo80 and open client configuration.

Labs Guide
f. Choose Client Scopes tab and choose Evaluate sub tab:
g. Select the user cward3 and click evaluate to generate a sample token.
h. View the generated token on the Generated Access Token tab
2. Configure the Solution Manager to use the KeyCloak to use for SSO.
a. Login to the Solution Manager Administration tool with admin user.
b. Navigate to the Configuration > Authentication.
c. Expand Single Sign On configuration.

Labs Guide
d. Toggle the button “enabled”.
e. Choose the authentication method as “OpenID”.
f. Configure the required fields as below
● Client id: denodo80
Note: Get the client ID by clicking on Client in the left side, choose Denodo 80 and copy the
client ID, paste in SM.
● Client Secret: 321315dc-83cf-42c6-9e10-3384623828ba
Note: Get the client ID by clicking on Client in the left side, choose Denodo 80, navigate to
Credentials and copy the client secret, paste in SM.
● User authorization URL:

http://data-server:8585/auth/realms/denodo/protocol/openid-
connect/auth
● Access token URL:

connect/token
● Issuer: http://data-server:8585/auth/realms/denodo
● JWKS URL :
connect/certs
Note: Go to the Realm Settings (available in the left side of the admin console). Click on
OpenID Endpoint configuration. Then enter the values for User authorization URL, Access
token URL, Issuer and JWKS URL from this configuration (mostly based on above format)
● Default process URI: /sso-openid/openid-login
● Scopes: openid,profile,email,roles
● Check the “Extract Roles from Token”: Yes
● Token Role Field: groups

Labs Guide
● Click Save to finalize the configuration.
● Wait till the message of successful restart of the authentication server to

finish the process.
3. Validate the roles with permissions to enable users with the role to login.
a. Navigate to the Configuration > Role Management.
b. Ensure that the LDAP roles are present with appropriate privileges were present
as per previous lab
c. Go to Configuration > Permissions
d. Ensure that the appropriate permissions are given to the role “IT” which is going
to be used
4. Logout of Solution Manager Administration Tool and log back in using the Single Sign On
option, instead of admin use the below credentials on the KeyClock login page
a. Username: cward3 / Password: Denodo00
5. Launch Design Studio from the My Applications to bring up the Design Studio and access
the tool without again logging in.

Labs Guide

Labs Guide
Security in Transit
Enabling TLS using the TLS Configurator Script

Aim of this lab is to configure the TLS using the TLS Configurator Script, which is a new utility
introduced in Denodo 8 to simplify the Secure connection setup in Denodo Platform. The steps
are:
1. Stop all the servers that are running on the Denodo Platform.
2. Change to the Denodo Home Folder and launch the command prompt by typing cmd on
the address bar.
3. Generate a KeyPair, public and private key using the keytool utility of the JRE, use the
below command.
a. .\jre\bin\keytool -genkeypair -alias denodo-server-self-signed

-keyalg RSA -keysize 2048 -keystore denodo_server_key_store.jks
-validity 365 -deststoretype jks
b. Use the password as denodo and retype to confirm.
c. Enter the details for the information requested
● What is your first and last name?: Denodo Virtual DataPort Server

Labs Guide
● What is the name of your organizational unit?: Denodo Training
● What is the name of your organization?: Denodo Technologies
● What is the name of your City or Locality?: New York
● What is the name of your State or Province?: New York State
● What is the two-letter country code for this unit?: US
● Yes, to confirm the changes
● Press enter to confirm to use the same password as Keystore for the
private key.
Note: The above values are suggestions, enter the values that suit your case.
Ignore the warning about the JKS and PKCS12 keystores, as the PKCS12 is not compatible with
the Web Tools.
4. Export the Public certificate out of the keystore, use the below command.

Labs Guide
a. .\jre\bin\keytool -exportcert -alias denodo-server-self-signed

-keystore denodo_server_key_store.jks -file
denodo_server_public_key.cer
b. Enter the password, denodo, to initiate the export. If you have used a different
password while generating the keypair, please use it.
5. Create a credentials file as tls.properties.
6. Encrypt the keystore password and truststore password using the Encrypt script located
under the <DENODO_HOME>/bin folder. Execute the below command
a. encrypt_password.bat denodo
b. encrypt_password.bat changeit

Labs Guide
7. Add the content in TLS.properties file in below format:
a. keystore.password=<encryped_value>
b. truststore.password=<encrypted_value>
8. Save the file.
9. Open a CMD from <DENODO_HOME>/bin folder and execute the following command to
enable TLS (modify accordingly the DENODO_HOME):
a. denodo_tls_configurator.bat --keystore
<DENODO_HOME>\denodo_server_key_store.jks --cert-cer-file
<DENODO_HOME>\denodo_server_public_key.cer --truststore
<DENODO_HOME>\jre\lib\security\cacerts --credentials-file
<DENODO_HOME>\tls.properties --denodo-home <DENODO_HOME>

Labs Guide
10. Restart the servers and open the Denodo Platform Control Center.

Labs Guide
Connecting to a secure data server using TLS

Aim of this lab is to configure a web based datasource to check TLS certificates while
establishing the connection. Let's get started, the steps are,
1. Edit the ds_product data source:
a. WSDL: https://data-server:8443/product-ws/services/products-ws?wsdl
b. Select “Check certificates” checkbox.
2. As this is a SOAP Web service data source, you have to source_refresh the
bv_product_by_category base view in order to get the new URL configuration.

Labs Guide
3. Execute a query over the view bv_product_by_category and check there’s an error (as
the wrapper was not correctly initialized).
a. Use the where condition: (parameters).categoryname = 'laptop'

Labs Guide
4. Get the certificate from the desktop: self-signed-tomcat.cer
5. Install the ertificate in the Denodo JRE to make it work:
a. cd <DENODO_HOME>/jre/bin
b. keytool -importcert -alias self-signed-tomcat -file

"<SELF_SIGNED_CER_DOWNLOADED_LOCATION>" -keystore
../lib/security/cacerts
c. Password: changeit
d. Trust this certificate?: yes
6. Restart Virtual DataPort server to read the new certificate.

Labs Guide
7. Source refresh again the bv_product_by_category base view and execute a query to get
the results.

Labs Guide
Further work
Check the full training offering at https://www.denodo.com/en/services/education/courses
Don’t wait. Get Started with data virtualization today!
If you want to start using the Denodo Platform for creating your own scenarios, you can do that
following different ways:
● Download Denodo Express for free
● http://www.denodo.com/en/denodo-platform/denodo-express
● Free to Download
● Fully functioning data virtualization platform with certain restrictions
● Community based support
● Tutorials, Documentation, KB articles, Videos, Q&A section… available for free
● Take Denodo for a Test Drive:
● https://www.denodo.com/en/denodo-platform/test-drives
● Denodo Test Drives enables anyone to quickly and easily explore the benefits of
using data virtualization with Denodo Platform on the cloud. It is completely free of
charge for demonstration, education and evaluation purposes.
● Denodo Platform on AWS / A

zure / Google Cloud Platform :
● https://www.denodo.com/en/denodo-platform/denodo-platform-for-aws
● https://www.denodo.com/en/denodo-platform/denodo-platform-for-azure
● https://www.denodo.com/en/denodo-platform/denodo-platform-google-cloud-platform
● Free trials available! / Rent-by-the-hour licensing / Premium Support

DEN80EDU21S Denodo Security Management - Labs Guid

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DEN80EDU21S Denodo Security Management - Labs Guid

Uploaded by

Copyright:

Available Formats

Labs Guide

Denodo Platform 8.0

denodo.com Denodo Security Management 1

denodo.com Denodo Security Management 2

Creating a new user

3. Click “​New​” and enter below details

● Description:​ Local user created for the Denodo Training 8.0

● User type:​ Normal User

● Click the drop to explore the other options

● Retype password: local

4. Click “OK” to complete the creation.

denodo.com Denodo Security Management 3

5. Logout using ​File >​ ​Disconnect​.

6. Login again with

● User name: local_user

denodo.com Denodo Security Management 4

denodo.com Denodo Security Management 5

1. Login to ​Administration Tool​ with default credentials.

2. Navigate to ​File > Role Management.

4. Click ​Ok ​to create the role.

denodo.com Denodo Security Management 6

6. Select the below privileges over denodo_training database

7. Click “​OK​” to set up the privileges.

denodo.com Denodo Security Management 7

a. Navigate to the ​Administration > User Management​.

b. Select ​local_user ​and click on ​Assign role​.

c. Choose the ​vdp_developer r​ ole.

d. Click “​Ok​” to save.

9. Disconnect using ​File > Disconnect​.

10. Login back again with

denodo.com Denodo Security Management 8

Assigning roles in Solution Manager

1. Open the​ Solution Manager Administration Tool​ login using

2. Navigate to the ​Configuration > Role Management​.

3. Click “​New​” and provide the below details.

denodo.com Denodo Security Management 9

4. Click “​Save​” to finish the role creation.

a. Navigate to ​Configuration > User Management​.

b. Click “New” and provide the below details

denodo.com Denodo Security Management 10

c. Click the “Assign Role” and choose the role “solution_manager_developer”

a. Navigate to Configuration > Permissions.

denodo.com Denodo Security Management 11

c. Click “​New​” and choose the role developer_solution_manager.

d. Click Add role to finalize the privileges.

e. Choose all the privileges and click save.

a. Logout the Solution Manager Administration Tool.

b. Log back in with

denodo.com Denodo Security Management 12

denodo.com Denodo Security Management 13

Create a data source from Active Directory

1. Login to ​Virtual DataPort Administration Tool​ using default credentials,

b. Server URI:​ ldap://data-server:10389/dc=denodo,dc=loc

3. Click ​Test Connection​ to validate the details entered.

4. Save the datasource.

denodo.com Denodo Security Management 14

5. Move the datasource to ​1 - connectivity/1 - data sources ​folder.

denodo.com Denodo Security Management 15

Import roles from MS Active Directory

1. Login to ​Virtual DataPort Administration Tool​ using default credentials,

2. Navigate to the ​Administration > Role Management​.

3. Click​ Import Roles​ and enter the below details,

c. Role Base: ​OU=groups, DC=denodo, DC=loc

3. Click “New” and enter below details

● Description: Local user created for the Denodo Training 8.0

● User type: Normal User

5. Logout using File > Disconnect.

1. Login to Administration Tool with default credentials.

2. Navigate to File > Role Management.

4. Click Ok to create the role.

7. Click “OK” to set up the privileges.

a. Navigate to the Administration > User Management.

b. Select local_user and click on Assign role.

c. Choose the vdp_developer r ole.

d. Click “Ok” to save.

9. Disconnect using File > Disconnect.

1. Open the Solution Manager Administration Tool login using

2. Navigate to the Configuration > Role Management.

3. Click “New” and provide the below details.

4. Click “Save” to finish the role creation.

a. Navigate to Configuration > User Management.

c. Click “New” and choose the role developer_solution_manager.

1. Login to Virtual DataPort Administration Tool using default credentials,

b. Server URI: ldap://data-server:10389/dc=denodo,dc=loc

3. Click Test Connection to validate the details entered.

5. Move the datasource to 1 - connectivity/1 - data sources folder.

1. Login to Virtual DataPort Administration Tool using default credentials,

2. Navigate to the Administration > Role Management.

3. Click Import Roles and enter the below details,

c. Role Base: OU=groups, DC=denodo, DC=loc

f. Role Search pattern: (objectClass=groupOfNames)

a. For Role Executive

● Admin privilege for the entire denodo_training database

b. For Role Data analyst

● Connect privilege for the denodo_training database

● “Metadata” and “Write” privilege on all the services under “5 - Data

● “Execute” on all views under “2- Integration” folder.

c. For Role Sales

d. For Role IT:

● Assign the role “serveradmin” to this role.

1. Login to Virtual DataPort Administration Tool using default admin credentials.

2. Go to Administration > Database Management.

3. Choose the database denodo_training and click edit.

4. Choose Authentication Type as LDAP and enter the below details.

c. User base: OU=Users,DC=denodo,DC=loc

d. Attribute with user name: uid

e. User search pattern: (&(objectClass=person))

f. Role Base: OU=groups, DC=denodo, DC=loc

g. Attribute with role name: cn

h. Role Search pattern: (&(objectClass=groupOfNames)(member=@{USERDN}))

5. Click “Ok” to save the configuration.

c. Logout again and login with user of Executive role

d. Logout and log back in with a user of Accounting role

2. Go to Configuration > Authentication and open the L

b. Server URI: ldap://data-server:10389/dc=denodo,dc=loc

f. User base: OU=Users,DC=denodo,DC=loc

h. User search pattern : (&(objectClass=person))

i. Role base : OU=groups, DC=denodo, DC=loc

k. Role Search pattern: (&(objectClass=groupOfNames)(member=@{USERDN}))

l. Click save to finalize the settings.

a. Go to Configuration > Role Management

● Role Base: OU=groups, DC=denodo, DC=loc

● Role Search pattern: (objectClass=groupOfNames)

b. Choose the role developer_solution_manager a

2. Go to Administration > Role management and select data analyst role