About the Security Module

Users Page

The The "Users" page icon is a person icon. Users page gives you access to the platform’s user account library.

By default, the page opens when you click the The "Security" module icon is a shield with a person icon inside. Security module. It gives you the list of the existing user accounts and enables you to edit and delete them and create new ones.

Your members are listed with little information like their username and job title. You can view information about a user account and the groups it belongs to by selecting it from the list. On the page that opens, you will only be able to change the member’s password.

As an administrator, you cannot change the username, email address, and job title of a user account. For more information, see Managing User Accounts.
As a member, if you want to change your user account information, see Managing Your User Profile.

User access rights are managed at the group level. Indeed, access to Saagie platforms, modules, and projects is not managed individually for each user account, but rather by the groups they belong to.

Groups Page

The The "Groups" page icon is an icon of three persons. Groups page gives you access to the platform’s group library.

The page gives you the list of the existing groups and enables you to edit and delete them and create new ones.

Groups enable you to manage the access rights. You assign roles to an entire group to allow members to perform some actions and not others. You can add as many members as you want and all members added to the group will have the same access rights.

Groups are listed with only their name. You can view and edit information about a group by selecting it from the list.

Saagie Default Groups

There are four default groups automatically created on all Saagie platforms that cannot be deleted:

hadoop_acl_admin: For the Sentry administrator who manages access rights via Hive/Impala and HDFS (Hadoop Distributed File System) files.
hadoop_admin: For the HDFS administrator with full rights on the file system.
saagie: For the Saagie support team.
platforms_admin: For your company’s Saagie administrators to manage your platforms. Members of this group can manage users, groups, and authorizations. They also have access to all platform features, but not necessarily to all data.

Roles

Roles are specified along with access rights. They allow you to control the actions that a groups is allowed to perform.

Table 1. Access Role Table
Roles	Description
Viewer	Has read access to the project.
Editor	Has read and edit access (example: edit jobs) to the project.
Manager	Has read and edit access (example: edit jobs) to the project, can delete it and modify its settings and configuration (example: run type, versions).

Group Access Rights

Access rights are specified when creating the group and can be changed afterward. They include global access and platform access.

Global Access
Platform Access - Applications
Platform Access – Projects

Global access rights apply to all platforms that the group can access.

Screenshot of the "Global Access" tab in the group settings.

1 – Manager

Defines the access role.

When the viewer role is selected, it only gives read access to projects.
When the manager role is selected, it gives read and edit access to projects, the right to delete them, and to modify settings and configuration.

2 – Technology Catalog

Defines access to the apps Catalog module.

When the Can access Technology Catalog option is selected, it gives the user group access to the Catalog module and thus to the management of repositories and technologies.

The Applications sub-tab of the Platform Access tab allow you to manage access rights to modules (named Applications in the user interface) for the user group.

Screenshot of the "Applications" sub-tab in the "Platform Access" tab in the group settings.

1 – Manager

Defines access to the manager Manager module.

The Manager module is Saagie's legacy user interface. It allows you to create extraction, processing, and smart app jobs, as well as access data lake and data mart services. It is being removed and will not be available in future versions of Saagie. We encourage you to switch to the Projects module interface.

When the Can access Manager with the role of viewer/manager option is selected, it gives group members access to the Manager module.

The role that appears at the end is the same that the one you chose previously in the Global Access section. The role you chose previously is assigned for all platforms and access to the Manager module is defined for each platform.

2 – Projects

Defines access to the project Projects module.

When the Can access Projects option is selected, it gives group members read access to the Projects module and enables the following sub-options:
- Can edit global environment variables: select this option to give group members the rights to edit global environment variables.
- Can create new projects: select this option to give group members the rights to create new projects.

You must fill in the Projects tab for these options to be taken into account.

3 – Governance

Defines access to the governance Governance module.

The Governance module allows you to view and manage your organization’s data, organize and document datasets, set up dataset access rules, and monitor personal data.

When the Can access Governance option is selected, it gives group members access to the Governance module and enables the following sub-option:
- Can edit data documentation in Governance: select this option to give group members the editing rights in the Governance module.
When the Can access Data API option is selected, it gives group members read access to the data API.
When the Can access and edit Dataset Access option is selected, it gives group members read and edit access to the dataset.
When the Can access all Datasets option is selected, it gives group members read access to all the datasets.

The Projects sub-tab of the Platform Access tab allow you to manage access rights to projects for the user group.

To access this tab, you must have selected the Can access Projects option in the Applications sub-tab of the Platform Access tab.

Screenshot of the "Projects" sub-tab in the "Platform Access" tab in the group settings.

1 – Access all projects

Defines access to all projects in the platform.

When the Access all projects option is selected, it gives group members access to all projects in the platform with the role you choose.

For this option, the role you choose is the same for all project. If you need global access but different roles for different projects, you must add each project individually.

2, 3 – Add projects

Defines access to the added projects only.

Click Add projects to give group members access to specific projects only, then choose the role (3) with which they will be able to access them.