Through the Admin Settings page, administrators can manage aspects of user accounts, as well as other aspects of the instance. See Admin Settings Page.

• To make changes to individual user accounts, click Edit Users.
  

  D role
  role admin

Important Note on Permissions

Depending on your instance, access to stored assets can be governed by multiple sets of permissions. Access can be governed by:

• D s item
  item permissions r true

• Domain authentication (e.g. SSO) permissions
• Storage environment (e.g. Hadoop) permissions

When a

User Account Fields

• Name: Display name for the user.
• Email: The value is the user ID. It must resolve to a valid, accessible email address. Some features of the platform fail to work correctly with invalid email addresses.

• D s item
  item Administrator

  : Set this value to true to allow the user administrator privileges.

  Info
  NOTE: You should limit the number of administrator accounts, which have extensive privileges in the application.

• Roles:

  D s platform

  roles assigned to the user. See Platform Roles below.

• SSO Principal: If SSO is enabled, set this value to be the SSO principal value associated with this user.

  Info
  NOTE: Required value for each user if SSO is enabled. See Configure SSO for AD-LDAP.

• Hadoop Principal: If secure impersonation is enabled, set this value to be the Hadoop principal value associated with this user.

  Info
  NOTE: The user principal value should not include the realm.

  Info
  NOTE: Required value if secure impersonation is enabled. See Configure for Secure Impersonation.

  Info
  NOTE: If Kerberos is enabled, verify that all user principals that use the platform are also members of the group of the keytab user.

• Created: Timestamp when the account was created.
• Updated: Timestamp when the account was last modified.
• Disabled: If true, the account is currently disabled. Else, the account is active. Edit the user to change access.
• Last Login Time: Timestamp for when the account was last used to access the application.
  • A value of Never indicates that the account has never been used.

Edit Users

Password Reset

To reset a user's account password, click Reset Password. Copy the URL and paste it into an email to send the user.

Platform Roles

The following platform roles are supported in the

• D s item
  item Administrator

  : Provides administrator roles, which include administering users, changing configuration, and deletion of objects created by other users.

  Warning
  Avoid granting D s item item Administrator role to many users.

• Data Admin: Enables user to use file browsers to browse external file systems.

  Info
  NOTE: The Data Admin role is required to browse HDFS or other non-relational datastores. If an account lacks this role, dataset upload and download and access to JDBC data sources, including Hive, are still supported.

• Deployment: In a Development environment, this role can be added to a user's account to enable access to the Deployment Manager.

  • In a Production environment where the Deployment Manager applies to the entire instance, this role does not apply.
  • For more information, see Configure Deployment Manager.
  • For more information on Deployment Manager, see Overview of Deployment Manager.

• wrangler: Enables access to the

  D s webapp

  . All users accounts must have this role.

  Info
  NOTE: All users accounts must have this role, which cannot be modified.

AWS Config

When per-user authentication is enabled for AWS access, administrators can review and modify each user's settings for AWS authentication, click Configure.

For more information, see Configure Your Access to S3.

Disable User

Non-admin users can be enabled or disabled as needed.

• To disable a user, click the checkbox in the Disabled column. Then, click Submit.