How to access only virtual views and hide physical tables with a standalone-vdb.xml wildfly/Teiid domain

Question

We are using standalone-vdb.xml domain to create a vdb and then make it accessible through Jupiter for other users.

Now based on the xml file below as an example, we created the VIEW "customer_view" from the table "Export2.customer_table" and they are both accessible from the Jupiter. However, we only want the VIEWS to be accessible and not the physical tables which property can be used to hide the tables and only expose the VIEWS for the end user.

Any one have a clue which property can do that? I tried to find it from the documentation but couldn't find any mentioning for that. we are using WildFly Full 17.0.1 through the HAL management interface in a Docker container environment and Postgresql database.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vdb name="stock" version="1">
    <description>The VDB</description>
    <property name="UseConnectorMetadata" value="true" />
    <model visible="true" name="Export2">  
        <property name="importer.useFullSchemaName" value="false"/>
        <property name="importer.schemaPattern" value="public"/>
        <property name="importer.tableTypes" value="TABLES,VIEW"/>        
        <source name="stockDS" translator-name="postgresql" connection-jndi-name="java:jboss/datasources/stockDS"/>
    </model>
    <model visible="true" name="Data" type="VIRTUAL">
        <metadata type="DDL"><![CDATA[
        CREATE VIEW customer_view (
            field_names string,
            field_description string
        ) AS
        SELECT variable_name, variable_description
         FROM Export2.customer_table;
        ]]> </metadata>
    </model> 
<data-role name="RoleA" any-authenticated="true">
     <description>Allow Reads and Writes to tables and procedures</description>
 
     <permission>
         <resource-name>Export2.customer_table</resource-name>
         <allow-create>true</allow-create>
         <allow-read>true</allow-read>
         <allow-update>true</allow-update>
     </permission>
     <mapped-role-name>Admin</mapped-role-name>
 </data-role>   
</vdb>

Answer 1

see http://teiid.github.io/teiid-documents/master/content/reference/r_xml-deployment-mode.html

you need to define the model with visibility to false like

<model visible="false" name="Export2">

note that this will remove the metadata exposure from any APIs, however, if someone knows the schema they still can use the same connection to issue the query and see the data. If you want to avoid that then you need to look into data security policies to avoid any access.