User/Groups/Roles

Concepts in Access Management

For conceptual background, see How Access Management Works.

Manage data access for users, groups, and roles.

Users

Data access users are identified in the creation and definition of Resource Policies. Users may be included or excluded individually or in groups.

  • User Source value reflects the method of their creation or import (source).

    • Internal users - created within your Access Management account. Administrative users ('admin', 'rangerusersync', 'keyadmin', 'rangertagsync', and '{OWNER}') are created by the system.

    • External users:

      • A data access user with the same username as the first 'Administrator'/ Portal user;

      • A 'service' user for each data resource service (e.g. 'hive', 's3', ...);

      • Users imported through User Sync with an LDAP or Active Directory.

  • Visibility indicates whether a user is listed when creating or editing a Policy in Access Management: Resource Policies. If a user is Visible, they will be found and selectable under the "Select User" column. If a user is Hidden, they will not be selectable. This is useful when your account has been synchronized with a user directory with a large number of users. Visibility may be set by selecting a user object row (on the left side of the table) and using the 'Visibility' action (between +Add and Delete).

  • User Role here is one of 'User', 'Administrator', or 'Auditor'. Note that this user Role is different from the custom Roles defined in the User Management: Roles tab.

Use the Search control to limit displayed objects to those matching a specific value. First select a column name, then a value. The table will be filtered to show only those objects that match the value. User objects may be added, edited, or deleted.

Add Users

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Select the Users tab and click +Add. The Add User pop-up displays.

  3. Enter the user details.

  4. Click Save.

Add Discovery User for Encryption Service

To use encryption in compliance and ETL policies of the Discovery service, you need to add the privacera_service_discovery user in Users/Groups/Roles of Access Management.

  1. From the home page, click Settings > Users Management.

  2. In the Portal Users tab, on the User Management page, click the edit button next to the privacera_service_discovery user.

  3. On the Edit User page, click Save.

  4. After saving, verify that the privacera_service_discovery user has been added. Go to Access Management > Users/Groups/Roles > USERS tab.

  5. Add the user in Schema Policies. See Add User in Default Policy.

  6. Add the user in Ranger KMS. See Set User Access for Encryption Service.

Edit Users

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Under the Users tab, select the User and click the pen icon in the Actions column.

  3. Modify the user details.

    Note: For external users, you can only edit the user role and password.

  4. Click Save.

Groups

Use groups to manage multiple users with similar data access needs. A user can belong to more than one group.

Add Groups

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Select the Groups tab and click +Add. The Add User pop-up displays.

  3. Enter the group details.

  4. Click Save.

Edit Groups

To edit a group, use the following steps:

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Select the Groups tab.

  3. Select the group and click the pen icon in the Actions column.

    Note: You can edit only the description.

  4. Click Save.

Roles

Assign roles to users based on job functions.

Add Roles

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Select the Roles tab and click +Add.

  3. Enter the role details and click Save.

Edit Roles

  1. From the home page, click Access Management > Users/Groups/Roles.

  2. Select the Roles tab.

  3. Select the role and click the pen icon in the Actions column.

  4. Click Save.