Groups

1. Overview

Screenshot of the groups overview homepage with four sections outlined
  1. Platform indicator: Security is a cross-platform module. You cannot navigate between platforms directly from the groups section.

  2. New group button: Create a new group.

  3. Search for groups: Search for a group by name.

  4. List of groups: Use this list to navigate to a group’s details and to delete groups.

2. Default groups

Four default groups are created automatically on all Saagie platforms. These groups cannot be deleted.

  • hadoop_acl_admin: Sentry administrator that manages access rights via Hive/Impala and HDFS files

  • hadoop_admin: HDFS administrator with all file-system rights

  • saagie: Used by the Saagie support team

  • platforms_admin: Used by your company’s Saagie administrators to manage your Saagie platforms

    • Users in this group can manage users, groups, and authorizations.

    • They also have access to all platform features, but not necessarily all data.

3. Group settings

3.1. Names

Group names can be just about anything you want, as long as they do not contain unsupported characters.

Group names can contain:

  • lowercase letters

  • numbers

  • dots (.)

  • dashes (-)

  • underscores (_)

3.2. Roles

Groups are assigned roles, which control the actions that group is allowed to perform.

Table 1. Roles

Action                                                                  | Viewer | Editor | Manager
View project                                                            | ✓      | ✓      | ✓
Edit project content (example: jobs)                                    | -      | ✓      | ✓
Modify project settings and configuration (example: run type, versions) | -      | -      | ✓
Delete project                                                          | -      | -      | ✓

4. Manage groups

Access to platforms, modules, and projects within Saagie is never managed per individual user, only by group.

If you need specific settings for a single user, create a group and only add that user.

You’ll determine all of the settings discussed on this page when you create a new group. These settings can be modified at any time. To view and manage settings for a group, select the group from the list found on the group homepage.

Group settings are divided into three categories:

  • Members

  • Global access

  • Platform access

To save changes, you can select Save group from any screen.

4.1. Members

Members section when managing groups

You have three possible actions from the members screen:

  1. Find group members

  2. Add a member to the group

  3. Remove a member from the group

4.1.1. Find group members

You can use the search bar to search for group members. Only search by user names; email addresses won’t turn up any results.

This feature is especially useful for large groups.

4.1.2. Add a member to the group

Add as many members as you need to the group by using the Add a member button. There’s no limit on how many members can be in a group.

4.1.3. Remove a member from the group

There are two ways to remove members from a group:

  1. Remove multiple members at once by using the checkbox next to usernames, then selecting Remove.

  2. Remove one member at a time by selecting the minus sign in the member’s row.

    There isn’t a step to confirm if you want to remove members. If you remove a member by accident, add them back to the group by using the Add a member button.

4.2. Global access

Global access section when managing groups

The global access section manages two settings:

  1. Manager global role

  2. Access to the Technology Catalog

These settings are global and will apply to all platforms this group can access.

4.2.1. Manager global role

Two roles are available for the manager global role: viewer and manager. Editor is not an option for this setting.

Refer to Roles to review roles and their corresponding access rights and responsibilities.

4.2.2. Access the Technology Catalog

Groups can only access the Technology Catalog if they are granted rights. Only groups that will create apps using Technology Catalog need access to this feature.

4.3. Platform access

Access to platforms is managed by group. This collection of settings is the most robust in the product and is divided into two sections: modules (currently referred to as applications in the UI) and projects.

4.3.1. Modules/Applications

Platform access section when managing groups

Through the modules/applications section of platform access, you can allow access to modules and remove platform access.

  1. Manager module (legacy)

    • The role is the same role you chose in the global access section.

  2. Projects module (new)

    • If a group has access to the Projects module, you can also determine whether members of the group can:

      • Edit global environmental variables

      • Create new projects

  3. Governance module

    • If a group can access the Governance module, you can also determine whether they can edit data documentation.

    • Regardless of whether a group can access the Governance module, you can determine whether they can:

      • Access the Data API

      • Access and edit Dataset Access

      • Access all Datasets

  4. You can also remove the group’s access to the platform.

4.3.2. Projects

There are two options when granting project access:

  1. Grant access to all projects on the platform

  2. Grant access to only specific projects

All projects
Access to all projects section within platform access when managing groups
  1. If you’d like this group to access all projects on the platform, you can select the checkbox next to Access all projects.

  2. Choose which role you’d like to give the group.

Selected projects
Projects section within platform access when managing groups

To add access to only selected projects:

  1. Use the Add project button to add access to one or several projects on the platform.

  2. For each project the group can access, choose a role.

  3. There are two ways to remove a project from the list:

    • Remove multiple projects at once by using the checkbox next to the project names.

    • Remove one project at a time by selecting the minus sign in the project’s row.

  4. You can also remove the group’s access to the platform.

Access to projects

If you choose to allow access to all projects, the role you choose will be the same for every project on the platform. Using this option means that you cannot assign the role of viewer for one platform and manager for another.

If a group needs global access but different roles for different projects, add each project individually. Then, you can choose the roles for each project.
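
The naming, role, and project-access rules on this page can be checked against a group definition before it is entered in the UI. The following is an added example, not Saagie code and not an export format of the product: the dictionary layout, the action names, and the functions validate_group, project_role, and can are hypothetical, and the sample groups are constructed.

```python
import re

# Reading of Table 1: roles are cumulative (viewer < editor < manager).
ROLE_RANK = {"viewer": 1, "editor": 2, "manager": 3}
ACTION_MIN_ROLE = {  # hypothetical action names for the four table rows
    "view_project": "viewer",
    "edit_content": "editor",
    "modify_settings": "manager",
    "delete_project": "manager",
}
NAME_RE = re.compile(r"[a-z0-9._-]+")  # character set from section 3.1


def validate_group(group):
    """Return the list of rule violations for one group definition."""
    problems = []
    if not NAME_RE.fullmatch(group["name"]):
        problems.append("name contains unsupported characters")
    # Section 4.2.1: editor is not an option for the manager global role.
    if group.get("manager_global_role") not in (None, "viewer", "manager"):
        problems.append("manager global role must be viewer or manager")
    access = group.get("projects", {})
    roles = [access["all"]] if "all" in access else list(access.get("selected", {}).values())
    if any(r not in ROLE_RANK for r in roles):
        problems.append("unknown project role")
    return problems


def project_role(group, project):
    """Role the group holds on a project, or None if it has no access."""
    access = group.get("projects", {})
    if "all" in access:  # one role applies to every project on the platform
        return access["all"]
    return access.get("selected", {}).get(project)


def can(group, action, project):
    """True if the group's role on the project permits the action."""
    role = project_role(group, project)
    return role is not None and ROLE_RANK[role] >= ROLE_RANK[ACTION_MIN_ROLE[action]]


# Constructed sample groups (not taken from a real platform).
ANALYSTS = {"name": "data-analysts", "manager_global_role": "viewer",
            "projects": {"all": "viewer"}}
ENGINEERS = {"name": "etl.engineers_01",
             "projects": {"selected": {"ingest": "manager", "reporting": "viewer"}}}
BAD = {"name": "Data Team", "manager_global_role": "editor",
       "projects": {"all": "editor"}}
```

With an all-projects grant, can() returns the same answer for every project name, including projects created later, which is why per-project grants are the least-privilege choice when roles need to differ.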

5. Delete a group

Groups can be deleted individually from the groups homepage by selecting the Delete button in the group’s row. Default groups cannot be deleted.