About the Security Module

Users Page

The The "Users" page icon is a person icon. Users page gives you access to the platform’s user account library.

By default, the page opens when you click the The "Security" module icon is a shield with a person icon inside. Security module. It gives you the list of the existing user accounts and enables you to edit and delete them and create new ones.

Your members are listed with little information like their username and job title. You can view information about a user account and the groups it belongs to by selecting it from the list. On the page that opens, you will only be able to change the member’s password.

As an administrator, you cannot change the username, email address, and job title of a user account. For more information, see Managing User Accounts.
As a member, if you want to change your user account information, see Managing Your User Account.

User access rights are managed at the group level. Indeed, access to Saagie platforms, modules, and projects is not managed individually for each user account, but rather by the groups they belong to.

Groups Page

The The "Groups" page icon is an icon of three persons. Groups page gives you access to the platform’s group library.

The page gives you the list of the existing groups and enables you to edit and delete them and create new ones.

Groups enable you to manage the access rights. You assign roles to an entire group to allow members to perform some actions and not others. You can add as many members as you want and all members added to the group will have the same access rights.

Groups are listed with only their name. You can view and edit information about a group by selecting it from the list.

For more information on how to manage groups, see Managing Groups.

Saagie Default Groups

There are four default groups automatically created on all Saagie platforms that cannot be deleted.

hadoop_acl_admin: For the Sentry administrator who manages access rights via Hive/Impala and HDFS (Hadoop Distributed File System) files.
hadoop_admin: For the HDFS administrator with full rights to the file system.
saagie: For the Saagie support team.
platforms_admin: For your company’s Saagie administrators to manage your platforms. Members of this group can manage users, groups, and authorizations. They also have access to all platform features, but not necessarily to all data.

Roles

Roles are specified along with access rights. They allow you to control the actions that a groups is allowed to perform.

Table 1. Access Role Table
Roles	Description
Viewer	Has read access to the project.
Editor	Has read and edit access (example: edit jobs) to the project.
Manager	Has read and edit access (example: edit jobs) to the project, can delete it and modify its settings and configuration (example: run type, versions).

Group Access Rights

Access rights are specified when creating the group and can be changed afterward. They include global access and platform access.

Global Access
Platforms Access – Applications
Platforms Access – Projects

Global access rights apply to all platforms that the group can access.

Screenshot of the "Global Access" tab in the group settings.

1 – Technology Catalog: Defines access to the Catalog module.
→ When the Can access Technology Catalog option is selected, it gives the user group access to the Catalog module and to the management of repositories and technologies.
2 – Monitoring: Defines access to the Monitoring module.
→ When the Can access to Cluster Overview option is selected, it gives the user group access to the Monitoring module and to the resource consumption data of your cluster.

Platform access rights apply to the projects and modules of a specified platform. Add the platform(s) the group can access, then specify the group’s access rights to modules and projects.

The Applications sub-tab of the Platforms Access tab allow you to manage access rights to modules (named Applications in the user interface) for the user group.

Screenshot of the "Applications" sub-tab in the "Platform Access" tab in the group settings.

1 – Projects

Defines access to the project Projects module.
→ When the Can access Projects option is selected, it gives group members read access to the project Projects module and enables the following sub-options:

Can edit global environment variables: select this option to give group members the rights to edit global environment variables.
Can create new projects: select this option to give group members the rights to create new projects.

You must fill in the Projects tab for these options to be taken into account.

Platform access rights apply to the projects and modules of a specified platform. Add the platform(s) the group can access, then specify the group’s access rights to modules and projects.

The Projects sub-tab of the Platforms Access tab allow you to manage access rights to projects for the user group.

To access this tab, you must have selected the Can access Projects option in the Applications sub-tab of the Platform Access tab.

Screenshot of the "Projects" sub-tab in the "Platform Access" tab in the group settings.

1 – Access all projects

Defines access to all projects in the platform.
→ When the Access all projects option is selected, it gives group members access to all projects in the platform with the role you choose.

For this option, the role you choose is the same for all project. If you need global access but different roles for different projects, you must add each project individually.

2, 3 – Add projects

Defines access to the added projects only.
→ Click Add projects to give group members access to specific projects only, then choose the role (3) with which they will be able to access them.