User management

The following article describes in detail users, groups, roles, and permissions management in Dataedo Portal.

Users

In Dataedo Portal, you can easily add, edit or remove users. Head over to the users management view. In the table, you will see all users who already have access to your Dataedo Portal.

Adding a user

To add a user you need to provide their Login and Display name.

Please note that Dataedo Portal will not ask for a user password at any step, as user authentication can be done only with separate systems. Find out more about the login flow in the Accessing Dataedo Portal article.

Managing a user

After creation, you can go into user details.

There are two tabs inside. The first one allows you to edit basic details and the second is about Permissions. More on Permissions in later sections in this article.

Deleting a user

Deleting a user requires confirmation in the popup.

When a user is deleted, their name is anonymized, but information about the user persists in the database, so content created by the user (like comments) will still be available.

Deleted users can no longer log in. Since user deleting is a soft-delete process, you can reverse it by altering the deleted column in the dbo.licenses table.

Restoring a user

Starting from Dataedo 10.3.2, restoration is available through Users management.

In older versions, you can use the following command to restore a deleted user:

UPDATE [dbo].[licenses]
    SET [email] = 'user@email.address', --Email address used for notifications
        [name] = 'Display Name', --Name displayed on comments created in Dataedo Portal
        [deleted] = 'false' --do not change this value
    WHERE [login] = 'login'; --Login used to access (SQL login, AD name (including domain), or email address if using SAML

Using two accounts

When the same person is working both with Dataedo Desktop and Dataedo Portal, it is possible that they will have two separate user accounts. For instance, an Online Account for Dataedo Desktop and an OKTA account for Dataedo Portal.

Groups

Groups should mirror company structure and are meant to make permissions management easier. Instead of assigning the "Editor" Role to users one by one, we recommend you group all editors into one group and assign permissions to it.

Adding a group

You can add a new group or edit an existing one from the group listing.

Managing a group

After creation, you can open group details to edit basic settings like the name or whether the group is the default.

You can also assign permissions to the group. More on permissions in later sections in this article.

You can also use the users' tab in the Group management to quickly assign Users to the Group.

Default group

Users can be created manually or automatically upon the first login attempt to the Dataedo Portal - explained in this article. The default group setting specifies if the group should be assigned to all new users.

During user creation, the user is automatically assigned to all default groups.

Deleting a group

Deleting the group requires confirmation in the popup.

When you confirm:

• all users are unassigned from the group (all users are losing permissions inherited from this group),
• the group with all its settings is irreversibly deleted.

Roles

A role is a named set of actions that one can perform. Roles in the system should mirror real-life responsibilities, like "External viewers" or "Data Stewards".

We are adding a few predefined Roles to the list, but you can manage all of them.

Managing a role

Managing a role is setting what actions are included in it. A complete list of actions with scope explanation is available in Actions in Dataedo Portal article.

Deleting a role

When a role is deleted, all permissions based on that Role are removed from the system.

Permissions

Permission is a role assigned to someone (User or Group) in some context (Repository or Database).

Examples of permissions are:

• John Doe has an Admin role in SQL Server DB 1.
• Analysts Group has an Editor role in Oracle Documentation.
• Viewers Groups have a Viewer role for the whole Repository.

Assigning permissions

You can give permissions both to users and groups through a very similar UI. On top of the screen, you are defining repository roles (global in other words). Below you are defining roles for a specific data source (database or Business Glossary).

Inheriting permissions

Users inherit all permissions from all Groups they are in.

In other words, user permissions are a summary of all their personal permissions and permissions inherited from their groups. You can audit a summary of all permissions through users' details.

Auditing database

You can check permissions from a data source perspective. Open the permissions tab from the database page to view all users with their access levels.