- 20 Mar 2024
- 5 Minutes to read
- PDF
Security & Permissions
- Updated on 20 Mar 2024
- 5 Minutes to read
- PDF
Overview
Roles and Permissions define the user's interaction with various Validatar objects and determine the specific functionalities that users can access. Validatar has various security permissions at the global, project, and data source levels.
New User Must Haves
Validatar Security Admins can create and manage user accounts. Follow these steps to ensure each new user has the appropriate roles and permissions.
- Create a new user in Settings
- Assign the appropriate Licensed and Global Admin roles
- Add the user to a user group (highly recommended)
- Assign the user or user group permissions to data sources
- Assign the user or user group permissions to projects
- Invite each user to Validatar by
- providing the server address and the user credentials you created
- or sending them a password reset link using the Forgot password option on the login screen
Roles - What Can I Do in Validatar?
When a user is created the user can have one or more roles assigned to their Validatar account.
Validatar comes with a set number of licensed Creator roles. Find the volume limits for your instance by selecting your current license key in License Settings.
- Licensed Roles are determined by the purchased license tier which specifies the allowable number of users.
- Creator - Allows users to create tests, jobs, and other Validatar objects.
- Viewer - Allows users access to Validatar. All user accounts are Viewers and this role cannot be removed. To remove someone's access to Validatar, archive their user account.
- Global Roles provide administrative privileges to users and can be viewed in the Settings area. These admin roles should be carefully assigned.
- Configuration Admin - Can manage Licenses and Configuration settings.
- Custom Metadata Admin - Can manage Catalog and Project Custom Fields.
- Data Source Admin - Can create new Data Sources. The permission to manage a single Data Source is set on the Data Source itself.
- Lineage Metadata Admin - Can create and manage Lineage Metadata sources.
- Security Admin - Can manage Projects, Users, Users Groups, and User Tokens.
- NOTE: A Global Admin has all of the above global roles.
Permissions - What and Where Can I Do It?
After roles are defined for an individual user, you must grant permissions on a project and data source level. We recommend using User Groups to assign permissions.
Data Source Permissions
Validatar provides the capability for each data source to possess its own distinct set of permissions, ensuring that users do not inadvertently access data they are not intended to access. You can add individual users or a user group to a data source by creating a New Rule.
The user who creates the data source automatically becomes the data source owner and has all permissions enabled. The data source owner is identified by the crown icon beside their name. The owner can be changed by double-clicking the owner's username and selecting another user from the dropdown then selecting Save.
Permissions are easily granted using Permission Sets. For instances that have licensed Custom Permissions, you will be able to choose the following fine-grain permission combinations: Viewer, Tester, Contributor, or Admin. If Custom Permissions have not been licensed, users can only be a Contributor or Admin.
The ability to modify Permission Set options is exclusively available through the Custom Permissions license feature.
Data Source Permission Types
Permission | Description |
---|---|
Browse Metadata & Data Profiling | The user can view the data source's data profile and metadata in the Explorer. If the user does not have this permission, the data source will not appear on the Explorer page list. |
View Test Results | The user can view test results where this particular data source is selected as the test or target data source. |
Create & Edit Tests | The user can create new tests and modify existing tests. |
Run Tests | The user can execute a test either from the test configuration page or the test home page. |
Run Profile Sets | The user can execute profile sets that have been created to run against this data source. |
Edit Metadata | The user can modify custom field values for the data source in the Explorer area. |
Manage Connections & Schema Metadata | The user can configure and modify a primary connection, metadata connection, and profile connection. The user can also configure metadata ingestion SQL, refresh a data source's metadata, and put the metadata refresh on a schedule. |
Manage Data Profiling | The user can create new profile sets and modify existing profile sets. The user also has permission to rename and delete profile sets and the record of their subsequent executions. |
Manage Permissions | The user can create new rules to add users and user groups to a data source. The user can also add and remove user permissions for the data source. |
Keep in mind that database connections use the credentials defined in the connection string for each data source, so be mindful of who is granted permission to create tests, run profiles, and see the data in that data source. For this reason, we suggest using read-only, service account credentials to connect to each data source, unless otherwise needed. If necessary, create multiple data sources using different credentials that provide the necessary level of access.
Project Permissions
The following is the list of available project roles and details of what they allow the user to do.
Role | Description |
---|---|
Create Tests | The user can create tests in the project. Note: A user also needs the licensed Creator role to create tests. |
Create Jobs | The user can create jobs in the project. |
Create and Edit Labels | The user can create and modify labels to group tests, template tests, and jobs. |
Import | The user can import objects into a project using an XML file. |
Export | The user can export objects out of a project to an XML file. |
Project Admin | The user has project admin access to the current project. You cannot remove your own project admin access from a project on this page. |
Project Access | The user has, at minimum, read-only access to the project. |
Granting Access to a Project
To add a user to a project:
- Navigate to Project Settings > Project Users.
- Select Grant Access.
- Select the username from the Choose Username dropdown.
- Select the appropriate roles for the user.
- Select Save.
Project Permission Sets
Easily assign privileges to view, create, import/export, and perform admin tasks for each Validatar project. Project admin permissions can also be granted on a user's profile by following Settings > Users > User Profile. If licensed, custom permissions can also be granted if you choose not to use the permission sets.
For instances that have licensed Custom Permissions, you will be able to choose the following fine-grain permission combinations: Viewer, Contributor, Power User, or Admin. If Custom Permissions have not been licensed, users can only be a Power User or Admin.
The ability to modify Permission Set options is exclusively available through the Custom Permissions license feature.
Removing Access from a Project
To remove a user from a project:
- Select the user from the list.
- Select Remove Access.
- Select Remove in the validation pop-up.
You can immediately restore a user's access after you've removed them from a project as long as you do so before navigating away from the Project User Permissions page. Once you navigate away, you will have to go through the full process of granting a user access to a project to re-add them.