The following article describes in details users, groups, roles, and permissions management in Dataedo Web Catalog.
Users
In Dataedo Web Catalog, you can easily add, edit or remove users. Head over to users management view. In the table, you will see all users who already have access to your Web Catalog.
Adding a user
To add a user you need to provide their Login and Display name.
Please note, that Dataedo Web Catalog will not ask for a user password at any step, as user authentication can be done only with separate systems. Find out more about the login flow in the Accessing Web Catalog article.
Managing a user
After creation, you can go into user details.
There are two tabs inside. The first one, allows you to edit basic details and the second is about Permissions. More on Permissions in later sections in this article.
Deleting a user
Deleting a user requires confirmation in the popup.
When a user is deleted, his name is anonymized, but information about the user persists in the database, so content created by the user (like comments) will be still available.
Deleted users can no longer log in. Since user deleting is soft-delete process, you can reverse it through altering deleted
column in dbo.licenses table.
Restoring a user
Starting from Dataedo 10.3.2 restoration is available through Users management.
In older versions you can use the following command to restore a deleted user:
UPDATE [dbo].[licenses]
SET [email] = 'user@email.address' --Email address used for notifications
,[name] = 'Display Name' --Name displayed on comments created in Web Catalog
,[deleted] = 'false' --do not change this value
WHERE [login] = 'login'; --Login used to access (SQL login, AD name (including domain), or email address if using SAML
Using two accounts
When the same person is working both with Dataedo Desktop and Dataedo Web Catalog it is possible that they will have two separate user accounts. For instance, Online Account for Dataedo Desktop and OKTA account for Dataedo Web Catalog.
Groups
Groups should mirror company structure and are meant to make permissions management easier. Instead of assigning the "Editor" Role to users one by one, we recommend you group all editors into one group and assign permissions to it.
Adding a group
You can add a new group or edit existing from the group listing.
Managing a group
After creation, you can open group details, to edit basic settings like the name of whether the group is the default. You can also assign permissions to the group. More on permissions in later sections in this article. You can also use the users' tab in the Group management, to quickly assign Users to the Group.
Default group
Users can be created manually, or automatically upon first login attempt to the Web Catalog - explained in this article. Default group setting specifies if the group should be assigned to all new users.
During user creation, the user is automatically assigned to all default groups.
Deleting a group
Deleting the group requires confirmation in the popup.
When you confirm:
- all users are unassigned from a group (all users are losing permissions inherited from this group),
- the group with all its settings is irreversibly deleted.
Roles
A role is named a set of actions, that one can perform. Roles in the system should mirror real-life responsibilities, like "External viewers" or "Data Stewards".
We are adding a few predefined Roles to the list, but you can manage all of them.
Managing a role
Managing a role is setting what actions are included in it. A complete list of actions with scope explanation is available in Actions in Dataedo Web Catalog article.
Deleting a role
When a role is deleted, all permissions based on that Role are removed from the system.
Permissions
Permission is a role assigned to someone (User or Group) in some context (Repository or Database).
Examples of permissions are:
- John Doe has an Admin role in SQL Server DB 1.
- Analysts Group has an Editor role in Oracle Documentation.
- Viewers Groups have a Viewer role for the whole Repository.
Assigning permissions
You can give permissions both to users and groups, through a very similar UI. On top of the screen, you are defining repository roles (global in other words). Below you are defining roles for a specific data source (database or Business Glossary).
Inheriting permissions
Users inherit all permissions from all Groups they are in.
In other words, user permissions are a summary of all his personal permissions and permissions inherited from his groups. You can audit a summary of all permissions through users' details.
Auditing database
You can check permissions from a data source perspective. Open permissions tab from the database page to view all users with their access levels.