User management

Mac Lewandowski - Dataedo Team Mac Lewandowski 6th April, 2022

The following article describes in details users, groups, roles, and permissions management in Dataedo Web Catalog.

Users

In Dataedo Web Catalog, you can easily add, edit or remove users. Head over to users management view. In the table, you will see all users who already have access to your Web Catalog.

Users

Adding a user

To add a user you need to provide their Login and Display name.

Adding

Please note, that Dataedo Web Catalog will not ask for a user password at any step, as user authentication can be done only with separate systems. Find out more about the login flow in the Accessing Web Catalog article.

Managing a user

After creation, you can go into user details.

Details

There are two tabs inside. The first one, allows you to edit basic details and the second is about Permissions. More on Permissions in later sections in this article.

Deleting a user

Deleting a user requires confirmation in the popup.

Deleting

When a user is deleted, his name is anonymized, but information about the user persists in the database, so content created by the user (like comments) will be still available.

Deleted users can no longer log in. Since user deleting is soft-delete process, you can reverse it through altering deleted column in dbo.licenses table.

Using two accounts

When the same person is working both with Dataedo Desktop and Dataedo Web Catalog it is possible that they will have two separate user accounts. For instance, Online Account for Dataedo Desktop and OKTA account for Dataedo Web Catalog.

In that case, we recommend linking the Web Catalog account with Online Account, through the Advanced section in User details.

TBD - Screen from Linking + change the screen above

When the above option is set, the user will be reauthenticated as a selected user starting from the next login.

So for the given example, whenever the User login with their OKTA account, they will get authenticated as Dataedo online account user. That way, the experience in both products will be complementary (for instance Changes History or Following features will work clearly).

Groups

Groups should mirror company structure and are meant to make permissions management easier. Instead of assigning the "Editor" Role to users one by one, we recommend you group all editors into one group and assign permissions to it.

Adding a group

You can add a new group or edit existing from the group listing.

Groups

Managing a group

After creation, you can open group details, to edit basic settings like the name of whether the group is the default. You can also assign permissions to the group. More on permissions in later sections in this article. You can also use the users' tab in the Group management, to quickly assign Users to the Group.

Managing

Default group

Users can be created manually, or automatically upon first login attempt to the Web Catalog - explained in this article. Default group setting specifies if the group should be assigned to all new users.

During user creation, the user is automatically assigned to all default groups.

Deleting a group

Deleting the group requires confirmation in the popup.

Deleting Group

When you confirm:

  • all users are unassigned from a group (all users are losing permissions inherited from this group),
  • the group with all its settings is irreversibly deleted.

Roles

A role is named a set of actions, that one can perform. Roles in the system should mirror real-life responsibilities, like "External viewers" or "Data Stewards".

We are adding a few predefined Roles to the list, but you can manage all of them.

Roles

Managing a role

Managing a role is setting what actions are included in it. A complete list of actions with scope explanation is available in Actions in Dataedo Web Catalog article.

Editing a Role

Deleting a role

When a role is deleted, all permissions based on that Role are removed from the system.

Permissions

Permission is a role assigned to someone (User or Group) in some context (Repository or Database).

Examples of permissions are:

  • John Doe has an Admin role in SQL Server DB 1.
  • Analysts Group has an Editor role in Oracle Documentation.
  • Viewers Groups have a Viewer role for the whole Repository.

Assigning permissions

You can give permissions both to users and groups, through a very similar UI. On top of the screen, you are defining repository roles (global in other words). Below you are defining roles for a specific data source (database or Business Glossary).

Permissions

Inheriting permissions

Users inherit all permissions from all Groups they are in.

In other words, user permissions are a summary of all his personal permissions and permissions inherited from his groups. You can audit a summary of all permissions through users' details.

Found issue with this article? Comment below
0
There are no comments. Click here to write the first comment.