How do I manage user dataset access using roles (RBAC)?

Below are some high-level points that should get you started.

  • Unless you have the Admin role or are the owner of the dataset, specific permissions must be set on a dataset (tagging) before anyone else can access it
  • Tagging is done using fixed permission sets: view, edit, update are the most common but there are others
  • Dataset-level permission sets must be applied to roles: user and admin are the standard ones but others can be created
  • Each dataset should have only one tag of each type, although a permission type can be applied to multiple roles, e.g.
view:hrbp,admin,exec
edit:hrcentral,finance
  • Note that when setting Apply Tag (see screenshot at the end of the article) each permission type must be entered on its own line, but once saved the permission types will appear on the same line separated by ; i.e. the above example will display as
view:hrbp,admin,exec;edit:hrcentral,finance
  • Multiple tags of the same type will not operate correctly when applied to one dataset, e.g.
view:hrbp
view:admin
view:exec

The following approach is the minimum for a given user (name) to have access:

  • Ensure username has an entry in the users table with at least role "user".  If you do not have access, you will have to ask your admin to do this
  • Now username should have access, but so will everyone else who is a user in that dataset


The following is a general example of managing user dataset access using roles:

  • (I will invent a new role ftb to demonstrate)
  • Ensure username has an entry in the users table with at least role "user".
  • Update the role to state "user,ftb"
  • If I want anyone else to have the ftb role, I can update their entry in the users table in the same way
  • Update the dataset tag.  If I want username to be the only one to make changes, I set the tag as "update:ftb", although if anyone else has the ftb role, they can now make changes
  • If I want to let everyone see the dataset but only have username make changes, I set the tag "view:user,update:ftb"
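
The tag rules above can be checked before a tag is saved. The following Python sketch is an added example, not the product's own code: it parses the saved tag format (permission types separated by ;), rejects a repeated permission type, and lists which users a tag actually grants an action to. The function names, the sample users and the evaluation logic (owner and admin bypass tags, everyone else needs a role named in the tag) are assumptions based on the points in this article.

```python
# Added illustration of the tag rules in this article.
# Names and evaluation logic are assumptions, not the product's implementation.

def parse_tag(tag: str) -> dict[str, set[str]]:
    """Parse a saved tag such as 'view:hrbp,admin,exec;edit:hrcentral,finance'."""
    perms: dict[str, set[str]] = {}
    for entry in filter(None, (e.strip() for e in tag.split(";"))):
        ptype, sep, roles = entry.partition(":")
        ptype = ptype.strip().lower()
        role_set = {r.strip().lower() for r in roles.split(",") if r.strip()}
        if not sep or not ptype or not role_set:
            raise ValueError(f"malformed tag entry: {entry!r}")
        if ptype in perms:
            # The article's rule: only one tag of each type per dataset.
            raise ValueError(f"duplicate permission type: {ptype!r}")
        perms[ptype] = role_set
    return perms


def parse_roles(role_field: str) -> set[str]:
    """Parse the users-table role field, e.g. 'user,ftb'."""
    return {r.strip().lower() for r in role_field.split(",") if r.strip()}


def can(user: str, role_field: str, action: str, tag: str, owner: str) -> bool:
    """Assumed check: owner and admin bypass tags; others need a tagged role."""
    roles = parse_roles(role_field)
    if user == owner or "admin" in roles:
        return True
    return bool(roles & parse_tag(tag).get(action, set()))


def who_can(action: str, tag: str, users: dict[str, str]) -> list[str]:
    """Audit helper: users (name -> role field) that the tag grants `action` to."""
    allowed = parse_tag(tag).get(action, set())
    return sorted(u for u, rf in users.items() if parse_roles(rf) & allowed)


if __name__ == "__main__":
    # Constructed sample data: carol was also given the ftb role.
    USERS = {"alice": "user,ftb", "bob": "user", "carol": "user,ftb"}
    TAG = "view:user;update:ftb"
    print("view:", who_can("view", TAG, USERS))
    print("update:", who_can("update", TAG, USERS))
```

Running who_can against the users table before saving a tag shows every holder of a role, which is the quickest way to spot that a role such as ftb has been given to more people than intended.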