User management

Applies to: Dataedo 24.x (current) versions, Article available also for: 10.x, 23.x

The following article describes in details users, groups, roles, and permissions management in Dataedo Portal.

Users

In Dataedo Portal, you can easily add, edit or remove users. Head over to users management view. In the table, you will see all users who already have access to your Dataedo Portal.

Users

Adding a user

To add a user you need to provide their Login and Display name.

Adding

Please note, that Dataedo Portal will not ask for a user password at any step, as user authentication can be done only with separate systems. Find out more about the login flow in the Accessing Dataedo Portal article.

Managing a user

After creation, you can go into user details.

Details

There are two tabs inside. The first one, allows you to edit basic details and the second is about Permissions. More on Permissions in later sections in this article.

Deleting a user

Deleting a user requires confirmation in the popup.

Deleting

When a user is deleted, his name is anonymized, but information about the user persists in the database, so content created by the user (like comments) will be still available.

Deleted users can no longer log in. Since user deleting is soft-delete process, you can reverse it through altering deleted column in dbo.licenses table.

Restoring a user

Starting from Dataedo 10.3.2 restoration is available through Users management.

Image title

In older versions you can use the following command to restore a deleted user:

UPDATE [dbo].[licenses]
    SET [email] = 'user@email.address' --Email address used for notifications
    ,[name] = 'Display Name' --Name displayed on comments created in Dataedo Portal
    ,[deleted] = 'false' --do not change this value
    WHERE [login] = 'login'; --Login used to access (SQL login, AD name (including domain), or email address if using SAML

Using two accounts

When the same person is working both with Dataedo Desktop and Dataedo Portal it is possible that they will have two separate user accounts. For instance, Online Account for Dataedo Desktop and OKTA account for Dataedo Portal.

Groups

Groups should mirror company structure and are meant to make permissions management easier. Instead of assigning the "Editor" Role to users one by one, we recommend you group all editors into one group and assign permissions to it.

Adding a group

You can add a new group or edit existing from the group listing.

Groups

Managing a group

After creation, you can open group details, to edit basic settings like the name of whether the group is the default. You can also assign permissions to the group. More on permissions in later sections in this article. You can also use the users' tab in the Group management, to quickly assign Users to the Group.

Managing

Default group

Users can be created manually, or automatically upon first login attempt to the Dataedo Portal - explained in this article. Default group setting specifies if the group should be assigned to all new users.

During user creation, the user is automatically assigned to all default groups.

Deleting a group

Deleting the group requires confirmation in the popup.

Deleting Group

When you confirm:

  • all users are unassigned from a group (all users are losing permissions inherited from this group),
  • the group with all its settings is irreversibly deleted.

Roles

A role is named a set of actions, that one can perform. Roles in the system should mirror real-life responsibilities, like "External viewers" or "Data Stewards".

We are adding a few predefined Roles to the list, but you can manage all of them.

Roles

Managing a role

Managing a role is setting what actions are included in it. A complete list of actions with scope explanation is available in Actions in Dataedo Portal article.

Editing a Role

Deleting a role

When a role is deleted, all permissions based on that Role are removed from the system.

Permissions

Permission is a role assigned to someone (User or Group) in some context (Repository or Database).

Examples of permissions are:

  • John Doe has an Admin role in SQL Server DB 1.
  • Analysts Group has an Editor role in Oracle Documentation.
  • Viewers Groups have a Viewer role for the whole Repository.

Assigning permissions

You can give permissions both to users and groups, through a very similar UI. On top of the screen, you are defining repository roles (global in other words). Below you are defining roles for a specific data source (database or Business Glossary).

Permissions

Inheriting permissions

Users inherit all permissions from all Groups they are in.

In other words, user permissions are a summary of all his personal permissions and permissions inherited from his groups. You can audit a summary of all permissions through users' details.

Auditing database

You can check permissions from a data source perspective. Open permissions tab from the database page to view all users with their access levels.

Permissions summary