This articles assumes that users are already added to DQ+. If you do not have users in DQ+ yet, then it is recommended to review our article on Adding Users to DQ+ first.
Managing user permissions is done completely through the DQ+ user interface. Back-end configuration is not required.
Granting Admin Access
Admin access will grant a user full access to DQ+, overriding any other permissions that are set. Admin access can be granted with the following steps:
- Go to Settings -> User within DQ+:
- Click on the user to grant admin access to, and click "Make Admin" near the top:
Sorting Users into Groups and Super Groups
DQ+ categorizes Users into two levels:
- Groups: a collection of Users
- Super Groups: a collection of Groups and/or Users
Groups are reusable throughout the DQ+ instance; however, Super Groups are specific to a single DQ+ environment. Note that "environment" refers to DQ+'s definitions of an environment, where you can have multiple environments within a DQ+ single instance.
All permissions are applied to Super Groups; Groups are solely used to aid with categorizing Users. A User may exist in multiple Groups, and Groups may exist in multiple Super Groups.
Groups and Super Groups require admin access to be created.
Adding Users to Groups
- Go to Admin -> Groups:
- Click New:
- On the Details tab, specify a Group Name:
- On the Groups Members tab, add one or more users to the Group:
- Click Save:
Adding Users and/or Groups to Super Groups
- Go to Admin -> Super Groups:
- Click New:
- Specify a name for the Super Group, and add one or more Users and/or Groups:
- Click Save:
Granting Super Groups access to Environments
If you don't already have Environments setup, or you need more information on Environments, check out our article on Understanding Environments in DQ+.
- Go to Admin -> Environments:
- In the left pane, click on an Environment from the list:
- In the right pane, add your Super Group to the Selected Super Groups selection:
- Go to the Roles tab and click Add:
- Select one or more permissions, and specify which Super Groups to apply those permissions to. If you need a different sets of permissions for each Super Group, then repeat the previous step and this step for each permission-Super Group combination. The specifics of each Permission can be found within the "Assigning Roles to Super Groups" section of our DQ+ Administrator Guide.
- Click Save on the Role dialog box, and also save the changes to the Environment.
Permissions to an Environment are now complete. More granular permissions can be applied within an Environment too, which is covered in the next section.
Assigning Permissions to Pipelines, Paths and Individual Objects
Permissions of objects are applied to the same Super Groups who were granted access to the Environment. For example, if a User does not have access to the Environment, you cannot override that at the Pipeline level. The Super Group must be added to the Environment first.
Similar to Environment-level permissions, object-level permissions can be applied on a Super Group-by-Super Group basis.
- Select a Pipeline and click Edit -> Edit Settings. If you don't have a Pipeline, you can click New -> Pipeline instead.
- Switch to the Security tab and click Add:
- Select one or more permissions, and specify which Super Groups to apply those permissions to. If you need a different sets of permissions for each Super Group, then repeat the previous step and this step for each permission-Super Group combination. The specifics of each Permission can be found within the "Pipeline Permission/Action Matrix" section of our DQ+ Administrator Guide.
- Click Save on the Permission dialog box, and also save the changes to the Pipeline.
The steps above can be repeated for each subsequent objects. By default, objects will inherit permissions from their parent. This can be overridden by repeating the steps above to provide new permissions.