Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r0642

D toc

Through the Admin Settings page, administrators can manage aspects of user accounts, as well as other aspects of the instance. See Admin Settings Page.

  • To make changes to individual user accounts, click Edit Users.
    D role
    roleadmin

Important Note on Permissions

Depending on your instance, access to stored assets can be governed by multiple sets of permissions. Access can be governed by:

  • D s item
    itempermissions
    rtrue
  • Domain authentication (e.g. SSO) permissions
  • Storage environment (e.g. Hadoop) permissions

When a

D s item
itemuser
shares a resource with another user, that second user may not have access to the underlying resource if one of the other permission sets does not provide it. In the
D s webapp
, the issue may be surfaced as a generic read or access error, which may be difficult for end users to debug.

Tip

Tip: Where possible, you should use a single principal user for

D s item
itemusers
. If that is not possible, you should verify consistency in access permissions between
D s platform
and the underlying storage environment.

User Account Fields

  • Name: Display name for the user.
  • Email: The value is the user ID. It must resolve to a valid, accessible email address. Some features of the platform fail to work correctly with invalid email addresses.
  • D s item
    itemAdministrator
    : Set this value to true to allow the user administrator privileges.

    Info

    NOTE: You should limit the number of administrator accounts, which have extensive privileges in the application.

  • Roles:
    D s platform
    roles assigned to the user. See Platform Roles below.
  • SSO Principal: If SSO is enabled, set this value to be the SSO principal value associated with this user.

    Info

    NOTE: Required value for each user if SSO is enabled. See Configure SSO for AD-LDAP.

  • Hadoop Principal: If secure impersonation is enabled, set this value to be the Hadoop principal value associated with this user.

    Info

    NOTE: The user principal value should not include the realm.

    Info

    NOTE: Required value if secure impersonation is enabled. See Configure for Secure Impersonation.

    Info

    NOTE: If Kerberos is enabled, verify that all user principals that use the platform are also members of the group of the keytab user.

  • Created: Timestamp when the account was created.
  • Updated: Timestamp when the account was last modified.
  • Disabled: If true, the account is currently disabled. Else, the account is active. Edit the user to change access.
  • Last Login Time: Timestamp for when the account was last used to access the application.
    • A value of Never indicates that the account has never been used.

Edit Users

Password Reset

Info

NOTE:

D s deskapp
users cannot complete this method for password reset. Users of this version must use the self-service method of password reset, which must be enabled in the
D s platform
. For more information, see Enable Self-Service Password Reset.

To reset a user's account password, click Reset Password. Copy the URL and paste it into an email to send the user.

Tip

Tip: If you are using Chrome for Windows, press CTRL+C in the popup to select the password reset URL.

Platform Roles

The following platform roles are supported in the

D s platform
.

  • D s item
    itemAdministrator
    : Provides administrator roles, which include administering users, changing configuration, and deletion of objects created by other users.

    Warning

    Avoid granting

    D s item
    itemAdministrator
    role to many users.

  • Data Admin: Enables user to use file browsers to browse external file systems.

    Info

    NOTE: The Data Admin role is required to browse HDFS or other non-relational datastores. If an account lacks this role, dataset upload and download and access to JDBC data sources, including Hive, are still supported.

  • Deployment: In a Development environment, this role can be added to a user's account to enable access to the Deployment Manager.

  • user: Please ignore this role. It does nothing at present.

  • admin: Please ignore this role. It does nothing at present.
  • wrangler: Enables access to the

    D s webapp
    . All users accounts must have this role.

    Info

    NOTE: All users accounts must have this role, which cannot be modified.

AWS Config

When per-user authentication is enabled for AWS access, administrators can review and modify each user's settings for AWS authentication, click Configure.

Info

NOTE: When you return from configuring S3 access, your changes there have already been saved.

For more information, see Configure Your Access to S3.

Disable User

Non-admin users can be enabled or disabled as needed.

  • To disable a user, click the checkbox in the Disabled column. Then, click Submit.