There are different set of users who use DvSum application. If Admin wants to provide access to particular set of users/groups or he wants to restrict the access of certain modules, here's how to do it.
Step 1: In this section, there is a field "Module Access Role". In this column, the default roles will be displayed as same as Roles for existing users. For instance; if an existing user has an 'Admin' role then it will also appear as 'Admin' in Module access role column as shown below;
Step 2: If you create a new user and wants to give it a different level of access, then, first select the user, click the 'Edit user' button. It will open up an Edit user interface where you can see the new field added as 'Manage Access Role'. It will have all the existing default roles, also the new roles that are added from which you can select. For instance; you select 'Analyst' role for user 'Admin' and hit Save.
Note: Now it will have restricted access that is given at Analyst level. Please note that even though the user role is set as 'Admin' but the preference of access will be granted according to option set in 'Module Access Role'.
Step 3: Default Roles and access
Please note that for existing users, their default roles i.e Owner, Admin, user, super user level will have no change. Also, the default roles (Owner, Admin, user, super user) cannot be edited or deleted from here and there will be no 'Created by' and 'Modified By' data in the cell. These roles will be generated by default here.
By default Owner will have access to all tabs. Admin will have access to Admin tab, Reference dictionary and Batch execution. Super user will have access to reference dictionary and Batch execution. Normal user will have no default access at all.
But for custom role(s) (custom role that is created by user), these permissions can be changed as explained in step 7
|Manage Account Tab||✓||✕||✕||✕|
|Delete a user from Admin Tab||✓||✕||✕||✕|
Step 4: View Users
If you want to view list of users that have a role set as as 'Admin' and their user 'Status' then click this 'View users' button and it will display a new interface consisting list of all users added as an Admin as shown below;
Step 5: Create Role
Additionally, we have provided user a facility to create more roles other than just default roles which later can be assigned to users with different level of role access. These custom roles can be edited or deleted based on the access given which later is explained in Step 8 that shows how it can be set.
In the Create Role interface, there is 'Name', 'Clone from role' and 'description' field. The clone from role will enable you to select role from any existing roles and the permission for this new role will be set accordingly which later can be modified.
Step 6 : Role Detail Page
As soon as the role is created user will land on the Role detail page. User can navigate back to Manage Roles page by clicking it from top. Also, if you want to view list of users, then click 'View Users' link. Under this, all the modules and sub modules of DvSum application are displayed and from here, you can control permissions for these as shown below;
Note: Please note that the access of Dashboard will always be enabled and cannot be changed. For instance; if some user has no access of any module or sub module in dvSum application then dashboard by default will always be visible.
Step 7 : Setting up Permission(s)
Let's say the role 'Access Module' that is just created, you turn off the switch for 'Manage Dashboard' and 'Advanced Analytics' for it. Click the Save button.
Step 7.1 Now any user that this role is assigned to will not have access to these two sub modules of Dashboard. Let's say, you select any user from Manage users section and assign this Role to it as shown below;
Note: From here you can also verify that, the user role is set as 'Admin' but the permission of access will be preferred based on what role is set in 'Module Access Role'.
Step 7.2 To verify it, login from that user account and check the options right under Dashboard section. Those two sub modules will not be showing down there as shown below;
Step 7.3 If you switch off the main Module permission then that particular module will not be visible on main DvSum application menu. For instance; Administration tab is switched off for above user then on login from that account, it will be hidden as shown below;
Step 8 Manage Role: Viewing/Creating/Editing/Deleting Role
Furthermore, in this version v1.0 of manage access, we have enabled you to further set permissions of Viewing, Creating, Editing, and Deleting in 'Manage Role' under the Administration module. If you want to enable this role to be able to only view/create/edit/delete or do all of these, it can be done from here.
For instance; set the view permission in the Manage role for 'Access Module' and Save the changes as shown below
Step 8.1 Specifically, for Data Dictionary the Read/Write access can be done like this.
By selecting the view only access for Table DIctionary, it will allow user to only view all the details from listing view of table / column dictionary respectively. User can not make any changes from listing view pages e.g;
1. Row Level Operations: Mass Update, Hide/Unhide Rows, Refresh Relationships.
2. Column Level Operations: Inline editing for editable columns e.g;
a. Table Dictionary: Table Type. Table Entity, Data Domain, Subject Area, User Description & Comments.
b. Column Dictionary: Columnn Type, Entity Type, DQ Category, Sensitivity Level, CDE, User Description & Glossary Term.
3. Table Detail Page: Publish/Unpublish, Overview section (User description), Stewards, Primary Attributes, Relationships & comments.
Step 8.2 Login from that user account OR if you have already logged in, just refresh the page. Select that role and you will see that above options do not get enabled. You will be able to only View it but cannot make any modification. That is the reason because we have restricted the access to modify it. Just like that you can set any other permission from Manage role i.e View, Edit/create/Delete.
Note: This is for customer roles only not for the default roles (Admin, user, super user)
Step 9 Deleting Role
In case of Deleting a role, when you click Delete button then it will require you to transfer the control to any other role if that role has user(s) associated with it.
Note: Once you transfer the role to a different role, keep in mind that permissions will also get updated based on new role assigned here.
Step 9.1 If any role does not have any user(s) associated here, then it will further ask you to confirm and then Delete the role as shown below;
Step 10 Access denied Message when accessing with in application from a page
To understand this, lets simply take an example. If you switch off 'Table dictionary' permission for this user. Save the changes. Login from that account, click profiling and then click any table name.
Step 10.1 Since this user has no access to table dictionary, on clicking any table name, it will notify you that Permission is denied for accessing table detail page. If you click OK you will be redirected to Dashboard and if you 'Click here' then you will be redirected to main Profiling page.
Step 10.2 Access denied Message when accessing using URL
For example; you are not allowed to access Profiling module, if you copy and paste the URL "prod.dvsum.com/profiling" in new tab and hit enter then it will notify you that Access is denied
Step 10.3 If you click OK then it will redirect you to main Dashboard page as shown below;
Step 11: Other Associated Modules Permission and Permission Denied Messages
Here is the list of some other associated modules that will be operational same as above example.
- Manage / Analyze Rules
Dashboard (Rule list widget)
Profiling (Table -> View Rules)
Profiling (Table -> Data Quality -> Anayze Rule)
Profiling (Table -> Data analysis -> Add business rule)
Profiling (Table -> Data analysis -> View business rule)
Table / Column Data Dictionary (Table detail -> Data Quality section)
Comply (Action Items Grid -> Rule Id)
Manage workflow (Add / edit task -> Rule Id)
Glossary (Term Detail -> Data policy -> Rule Id)
- Table Dictionary - Table Detail
Profiling -> Table
Column Dictionary -> Dataset
Elastic Serach Results (Table Name)
Manage / Analyze Rules
- Data Prep workbench
Table / Column Data Dictionary (Table detail - > Data Preparation section)
Glossary - Term Detail (Process Workflows -> Workflow Id)
- Glossary - Term
Data Prep Workbench (Assigned asset columns -> Term)
Column Dictionary listing (Glossary Column -> Associated Term Name)
Elastic Serach Results (Term Name)