Accessing Web Catalog

Mac Lewandowski - Dataedo Team Mac Lewandowski 6th April, 2022

Accessing Dataedo Web Catalog

Find out, what are the options for accessing the Dataedo Web Catalog, the differences between them, and how to configure options.

If you are not using Active Directory login method, you should disable it through settings to ensure security as it is common that default environment is available already, and that can lead to giving everyone who has an AD account an access to the Web Catalog. If you are using Active Directory, you may want to remove or limit permissions assigned to default groups.

Login options in Dataedo Web Catalog

Through System settings in the Web Catalog, you can set allowed login methods. This configuration is the main firewall and overwrites any further configurations. For instance, even if you have SSO configured, when it is disabled above it won't be available to your Users.

Login methods

Based on the above settings the login form can change slightly.

Login

Auth flow

Auth flow is different for a different methods. Starting from version 10.2, the authorization is done with Permissions in Dataedo Web Catalog.

Auth flow

Please note, that checking if login is in the User Group for SQL Server is in fact, checking if login belongs to the user, who is in the Users Group (since for SQL Server login and user are not always the same).

Account creation flow

When a user completes authentication and initial authorization flow, but his account does not exist in dbo.licenses (the user logs in for the first time and didn’t previously have any explicit permissions assinged), then the row is added and the user is granted access to Dataedo Web Catalog, based on default groups.

Please ensure that the default group setting is set correctly, as the default group is assigned to EVERY new user, who is authorized with any enabled login option. For instance, if the newcomer is granted an AD account, and the AD login option is enabled, then the newcomer with being granted all default groups upon the first login. This is a very useful feature for scaling purposes but can be potentially harmful if not configured correctly.

Find out more details in the Users management article.

Found issue with this article? Comment below
0
There are no comments. Click here to write the first comment.