Users, Roles & Community

For identity and access management, you can manage users in Pentaho Data Catalog from the Manage Your Environment page.

Users with the Admin role and users who have been assigned Admin permissions in a community are the only users that can create users or manage their permissions.

Data Catalog comes with a set of default user roles to assign role-based access to users. That access can be fine tuned with communities.

At least one role or community must be assigned to a user when the user is created. Multiple roles or communities can be assigned to a user, if the permissions granted are mutually exclusive and are not derived from the same default role.

Perform the following steps to add a 'system_admin' user:

From the Users & Communities card, click: Add New and select Add User.

Enter the following information for the user.

User Information

Username

system_admin@hv.com

Email

system_admin@hv.com

First name

System

Last name

Admin

Click Add Roles.
Select the following checkboxes for the role or roles to assign to the user.

When you are finished assigning permissions, click Done.
Verify the user credentials - follow the steps outlined the tab: Keycloak.

Data Catalog provides default user roles with role-based permissions that enable administrators to control access as necessary across Data Catalog. Administrators can also fine-tune access by creating communities of users to which they assign specific permissions, such as access to particular data source types or business glossaries.

The following table shows the access permitted by default for a user with the Business User or Data User role. For example, a user with the Business User role can view business glossaries but cannot view data sources.

The Data User role has all the access of a Business User, and access to data associated with the user's line of business. The data may be masked when deemed sensitive or confidential.

Role

Permission Type

Actions

Business User

Business Glossary

View

Data User

Business Glossary

View

Data Sources

View, AddContent, DeleteContent, ViewDashboard

A community is a custom role that is used to fine-tune access to specific actions or Data Catalog assets. For example, you can use a community to restrict access for a group of users to a subset of glossaries and data sources.

At least one role or community must be assigned to a user when the user is created. Multiple roles or communities can be assigned to a user, if the permissions granted are mutually exclusive and are not derived from the same default role.

Let's create a community: Synthea_Data_Governance_Council

Data Steward Role restricted to postgesql:synthea datasource

From the Users & Communities card on the Manage Your Environment page, click Add New and select Add Community.
Enter Community name: Synthea_Data_Governance_Council.
Select Role: Data Steward
(Optional) Enter a description of the community.
In the Permissions area, select the checkboxes of permissions per feature that you want the users in the community to have. Checkboxes that are grayed out cannot be selected.
Finally in the Scope, expand Data Sources & select: posrgresql:synthea

The following test_user has been assigned a data_steward role.

In the Users area, select: test_user & add to the community.

x

The user email address @hv.com obviously cannot be verified, so you'll need to confirm in Keycloak.

Login into Keycloak admin: https://pdc.pentaho.example/keycloak/admin

Username

admin

Password

admin

Select: 'pdc' realm & Users -> Credentials

Reset the password: Welcome123!
Login as: system_admin@hv.com

x

Accessing Your Catalog

Accessing Your Catalog