About the Security Module
Users Page
By default, the page opens when you click the Security module.
It gives you the list of the existing user accounts and enables you to edit and delete them and create new ones.
Your members are listed with little information like their username and job title. You can view information about a user account and the groups it belongs to by selecting it from the list. On the page that opens, you will only be able to change the member’s password.
|
User access rights are managed at the group level. Indeed, access to Saagie platforms, modules, and projects is not managed individually for each user account, but rather by the groups they belong to.
Groups Page
The page gives you the list of the existing groups and enables you to edit and delete them and create new ones.
Groups enable you to manage the access rights. You assign roles to an entire group to allow members to perform some actions and not others. You can add as many members as you want and all members added to the group will have the same access rights.
Groups are listed with only their name. You can view and edit information about a group by selecting it from the list.
Saagie Default Groups
There are four default groups automatically created on all Saagie platforms that cannot be deleted:
-
hadoop_acl_admin
: For the Sentry administrator who manages access rights via Hive/Impala and HDFS (Hadoop Distributed File System) files. -
hadoop_admin
: For the HDFS administrator with full rights on the file system. -
saagie
: For the Saagie support team. -
platforms_admin
: For your company’s Saagie administrators to manage your platforms. Members of this group can manage users, groups, and authorizations. They also have access to all platform features, but not necessarily to all data.
Roles
Roles are specified along with access rights. They allow you to control the actions that a groups is allowed to perform.
Roles | Description |
---|---|
Viewer |
Has read access to the project. |
Editor |
Has read and edit access (example: edit jobs) to the project. |
Manager |
Has read and edit access (example: edit jobs) to the project, can delete it and modify its settings and configuration (example: run type, versions). |
Group Access Rights
Access rights are specified when creating the group and can be changed afterward. They include global access and platform access.
Global access rights apply to all platforms that the group can access.
- 1 – Manager
-
Defines the access role.
-
When the viewer role is selected, it only gives read access to projects.
-
When the manager role is selected, it gives read and edit access to projects, the right to delete them, and to modify settings and configuration.
-
- 2 – Technology Catalog
-
Defines access to the
Catalog module.
-
When the Can access Technology Catalog option is selected, it gives the user group access to the Catalog module and thus to the management of repositories and technologies.
-
The Applications sub-tab of the Platform Access tab allow you to manage access rights to modules (named Applications in the user interface) for the user group.
- 1 – Manager
-
Defines access to the
Manager module.
The Manager module is Saagie's legacy user interface. It allows you to create extraction, processing, and smart app jobs, as well as access data lake and data mart services. It is being removed and will not be available in future versions of Saagie. We encourage you to switch to the Projects module interface. -
When the Can access Manager with the role of viewer/manager option is selected, it gives group members access to the Manager module.
The role that appears at the end is the same that the one you chose previously in the Global Access section. The role you chose previously is assigned for all platforms and access to the Manager module is defined for each platform.
-
- 2 – Projects
-
Defines access to the
Projects module.
-
When the Can access Projects option is selected, it gives group members read access to the Projects module and enables the following sub-options:
-
Can edit global environment variables: select this option to give group members the rights to edit global environment variables.
-
Can create new projects: select this option to give group members the rights to create new projects.
-
You must fill in the Projects tab for these options to be taken into account. -
- 3 – Governance
-
Defines access to the
Governance module.
The Governance module allows you to view and manage your organization’s data, organize and document datasets, set up dataset access rules, and monitor personal data. -
When the Can access Governance option is selected, it gives group members access to the Governance module and enables the following sub-option:
-
Can edit data documentation in Governance: select this option to give group members the editing rights in the Governance module.
-
-
When the Can access Data API option is selected, it gives group members read access to the data API.
-
When the Can access and edit Dataset Access option is selected, it gives group members read and edit access to the dataset.
-
When the Can access all Datasets option is selected, it gives group members read access to all the datasets.
-
The Projects sub-tab of the Platform Access tab allow you to manage access rights to projects for the user group.
To access this tab, you must have selected the Can access Projects option in the Applications sub-tab of the Platform Access tab. |
- 1 – Access all projects
-
Defines access to all projects in the platform.
-
When the Access all projects option is selected, it gives group members access to all projects in the platform with the role you choose.
For this option, the role you choose is the same for all project. If you need global access but different roles for different projects, you must add each project individually.
-
- 2, 3 – Add projects
-
Defines access to the added projects only.
-
Click Add projects to give group members access to specific projects only, then choose the role (3) with which they will be able to access them.
-