Planning user groups and their access levels
User groups can be assigned different levels of access to datasets and projects, and to the catalog. Also, different levels of permissions can be granted directly to individual resources. This section will help you plan the user groups for your organization.
Important
Note that ddw-catalog is a special system used dataset (available in all Enterprise organizations) and users and user groups who have Manage access to this dataset, automatically get authorized to manage the catalog resources of the organization.
For access to datasets and projects
You can create a user group and assign different access levels to all datasets and projects within the organization. This approach ensures that users in this group automatically inherit permission rules for any new dataset or project added to the organization.
You can also grant access directly from the individual resource to users, groups, or the organization. This method allows you to manage the permissions of the specific resource efficiently.
Note
Don't add users to any groups and give them direct access to a specific datasets and projects. This is not a recommended approach as it creates a maintenance overhead especially when you are managing large numbers of users and resources. Also, when someone leaves a company, it is much easier to remove the user from the various groups instead of going to each resource and revoking their access.
For access to catalog resources
Create user groups and assign them following level of access to all catalog resources in the organization. This way users in this group will automatically inherit access to any new catalog resources that are added to the organization.
You can also grant access to users, groups, or the organization directly from the individual catalog resource. This approach enables you to manage the permissions of the specific collection effectively.
Important
Note that when members are not given Edit or Manager access to catalog resources at the organization level and have access to specific collections only, they can only create the catalog resources from the Collections Details page and not from the Overview tab or the Resources or Glossary tab of the Organization Profile page.
Note
Don't add users to any groups and give them direct access to specific collections. This is not a recommended approach as it creates a maintenance overhead especially when you are managing large numbers of users and resources. Also, when someone leaves a company, it is much easier to remove the user from the various groups instead of going to each resource and revoking their access.
For more details about planning access control for collections, please see Planning collection & permissions for collections.
For managing organizations
A user group with the This group can manage organization settings, billing, and member groups access enabled will be able to manage organization settings available from the Settings tab of the Organization profile page, members and member groups from the Members tab.
Important
Users need to have Manage access to Datasets and projects to manage the Connection Manager configuration available in the Settings tab. And, users need to have Manage access to Catalog resources to manage the tasks for the configured connections.
How do permissions work when users belong to more than one group?
When you belong to multiple groups, we aggregate the permissions and the highest level of permissions are honored.
Configuration | Results |
|---|---|
A user belongs to two groups:
| Users in the Super admin group will be able to do the task as the highest level of access is honored. |
A user belongs to two groups:
| Users in the Sales group will still be able to view the catalog resources as the All members group has that permission. |
| Users in the Marketing group will be able to manage that specific dataset. |