Manage users and permissions
Pentaho Data Catalog comes with a set of default user roles that define role-based access for PDC users. Administrators can further refine this access by creating communities that group users with similar responsibilities and apply additional permissions or restrictions. For more information, see User roles and permissions in Data Catalog in the Use Pentaho Data Catalog guide.
Users with the Admin role, or users who have been granted Admin permissions through a community, can manage user accounts and access permissions through the Manage Your Environment page. From there, administrators can add, edit, or remove users, assign roles, and manage community membership.
You can also import users from Microsoft Active Directory (AD) for centralized identity and access management. When Active Directory integration is enabled, users should not be created directly in the catalog. Communities, however, must always be created and managed within Data Catalog to control permissions and access scopes. For more information, see Integrate Active Directory with Pentaho Data Catalog.
Add a user
You can add new users to Data Catalog from the Manage Your Environment page. Each user must be assigned at least one role or community to define access permissions.
Perform the following steps to add a user:
Prerequisites
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Manage Your Environment page, click the Users & Communities card, click Add New, and select Add User.
The Create User page opens.
Enter the information for the user.
(Optional) Click Add to Community.
The Available Communities window opens.
(Optional) Select one or more checkboxes for a community to which you want to add the user, and click Done.
(Optional) Click Add Roles.
The Available Roles window opens.
(Optional) Select one or more checkboxes for the role or roles to assign to the user.
Note: If you try to assign an Expert user role to the user but have reached the limit allowed by your license agreement, you see a message that you have exceeded the licensed limit and cannot assign the role.
When you are finished assigning permissions, click Done.
The user is created.
Add a community
Administrators can create communities in Pentaho Data Catalog to fine-tune access beyond default user roles. A community acts as a custom role that groups users with similar responsibilities and grants additional or restricted permissions for specific catalog assets.
Perform the following steps to add a community:
Prerequisites
You must have the Admin role or Admin permissions through a community.
Identify the base role (for example, Data Steward or Business User) on which you want to model the community permissions.
Determine which users will be members of the new community and which catalog assets they should access.
Procedure
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Manage Your Environment page, click the Users & Communities card, click Add New, and select Add Community.
The Create Community page opens.
Enter a name for the community.
Select a role to be the basis of the permissions for the community.
(Optional) Enter a description of the community.
In the Users area, select users to add to the community.
In the Permissions area, select the checkboxes of permissions per feature that you want the users in the community to have.
The following image shows a partial view of the default permissions for the Data Steward role. Checkboxes that are grayed out cannot be selected.
Permissions table in add or edit community page In the Scope area, click the plus sign at the end of the row for a listed Data Catalog feature to show the options within the features that are available to add to the community, such as Business Glossary or Data Sources.
The following image shows a sample Scope table:
Scope table in add or edit community page After clicking a plus sign, an Add Scope window opens. The following screen shows an Add Scope window for data sources. By default, all data sources are selected, with a checkmark in the All checkbox. To restrict the data source access for someone in this community, clear the All checkbox and select the checkboxes for other data sources to which you want to allow access.
Add Scope window in add or edit community page After defining the scope, click Done to close the window.
Click Done to add the community.
The community is added to the Data Catalog, and users can be added to it.
Edit a user
You can change the permissions for a Pentaho Data Catalog user by editing the user to add a role or community. You can also update the user's profile information.
In Data Catalog, access permission for data source types is governed by communities. To update a user's data source access permissions, you need to update the community to which the user is assigned, or update the community itself. To see the data source access for an existing community, see Edit a community or you can Add a community.
Perform the following steps to edit a user's information:
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Users & Communities card, click Users. The Users page opens.
Locate the user you want to edit. At the end of the row, click the pencil icon.
The user-specific page opens.
Edit the user as necessary. You can add or remove a user from a community, add or remove roles, and update the user's profile information.
Note: When a user has more than one role, the role access permissions are cumulative, meaning that the user's resulting access contains the permissions for the individual roles.
You can perform one or more of the following actions:
Update user name
Under User Information, update the First name or Last name fields.
Add user to a community
In the Add User to Communities table, click Add to Community.
Select the checkbox next to one or more communities to assign to the user.
Click Done.
Remove user from a community
In the Add User to Communities table, select the checkbox next to one or more communities to remove.
Click Delete.
Add a role to the user
In the Add Role(s) to User table, click Add Roles.
The Available Roles window opens.
In the Available Roles window, select the checkbox next to one or more roles to assign to the user.
Click Done. Note: If you try to assign an Expert user role to the user but have reached the limit allowed by your license agreement, you see a message that you have exceeded the licensed limit and cannot assign the role.
Remove a role from the user
In the Add Role(s) to User table, select the checkbox next to one or more roles to remove.
Click Delete.
4. When you are finished updating, click Edit.
The user information is updated.
Edit a community
You can update the role that gives the community its base permissions, add or remove users, add or remove permissions for various actions, and adjust the scope of the community, such as the resources on which the actions can be performed.
Perform the following steps to edit a community:
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Users & Communities card, click Communities. The Communities page opens.
Locate the community you want to edit. At the end of the row, click the pencil icon.
The community-specific page opens.
Edit the community as necessary. You can update the community information, add or remove users, select or deselect permissions assigned to the community, or update the scope of the community's permissions. You can perform one or more of the following actions:
Update the community information
You can change the role that gives the community its base permissions, or you can update the description. To change the role, click the down arrow at the end of the Role field and select a different role.
Add users to the community
In the Users table, click Add Users.
Select the checkbox next to one or more users to add.
Click Done.
Remove users from the community
In the Users table, select the checkbox next to one or more users to remove.
Click Delete.
Update community permissions
In the Permissions table, you can select any unselected checkbox that is available, or not blocked from being selected.Select or clear checkboxes for the permissions you want for the community.
Update community scope
In the Scope table, you can update the scope of the features the community can access, such as data source types.
4. When you are finished updating, click Edit.
The community information is updated.
Remove a user
You can remove a user if they no longer need access to Data Catalog.
Perform the following steps to remove a user:
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Users & Communities card, click Users. The Users page opens.
Locate the user you want to remove, and select the checkbox at the beginning of the row.
The user-specific page opens.
Click Delete.
A confirmation window opens.
Click Delete to confirm.
The user is removed.
Remove a community
You can remove a community from Data Catalog if it is no longer required. Perform the following steps to remove a community:
On the left navigation main menu, click Management. The Manage Your Environment page opens.
On the Users & Communities card, click Communities. The Communities page opens.
Locate the community you want to remove, and select the checkbox at the beginning of the row.
The user-specific page opens.
Click Delete.
A confirmation window opens.
Click Delete to confirm.
The community is removed.
Last updated