Manage users
For identity and access management, you can specify users in Data Catalog using Keycloak. By default, as the administrator, you can access the Keycloak LDC-realm page to manage user settings.
Roles are part of a global namespace, which manages the users, credentials, roles, and groups in Data Catalog. The Administrator role is the default realm role available to your organization.
The role mappings you define set the permission types between a role and a user. You can associate a user with one or more roles, or none. For example, you can assign Steward and Analyst roles that allow those users to create and apply terms to files and fields respectively for the applicable domains. For ease of management, you may want to assign access and permissions to specific roles rather than to individual users, because per-user permissions can be difficult to maintain as the number of users changes over time.
You can manage users by adding, editing, and deleting users, as well as assigning users to roles.
Add a user
Perform the following steps to add a user:
Procedure
Launch a web browser and enter the URL of the Keycloak web server provided by your administrator: http://<IPAddress>:30880/auth
The Welcome page opens.
Click Administrative Console then enter your credentials.
The LDC-realm page of Keycloak opens.
Click Users.
The Users page opens.
Click Add Users.
The Add Users page opens.
Enter the information for the user and then click Save.
User names must start with a letter and must contain only letters, digits, hyphens, or underscores. No white spaces are allowed before or after a name. Also, make sure the name strings do not match any Data Catalog reserved names.
The user's page opens.
Select the Credentials tab.
The Credentials page opens.
Enter the user’s password and then click Set Password.
The password for the user is confirmed.
Click the Role Mappings tab.
The Role Mappings page opens.
In Available Roles, select the role(s) you want to assign the user and then click Add selected.
In Assigned Roles, remove any role(s) that you do not want assigned for this user, then click Remove selected.
The Effective Role field indicates the current assignments for the user and the role mappings are updated.
Log out of Keycloak.
Results
Assign a user to a role
You can also set additional roles as default roles. Refer to Set a role as default for more information.
Perform the following steps to assign a user to a role:
Procedure
Launch a web browser and enter the URL of the Keycloak web server provided by your administrator: http://<IPAddress>:30880/auth
The Welcome page opens.
Click Administrative Console then enter your credentials.
The LDC-realm page of Keycloak opens.
Click Users.
The Users page opens.
Locate the Username that you want to assign the role to and click its ID.
The user's page opens.
Click the Role Mappings tab.
The Role Mappings page opens.
In Available Roles, select the role or roles that you want to assign to the user and then click Add selected.
In Assigned Roles, remove any role or roles that you do not want for this user then click Remove selected.
The Effective Role field indicates the current assignments for the user and the role mappings are updated.
Log out of Keycloak.
Results
Assigning a user to multiple roles
You can assign multiple roles to one user. When more than one role is assigned to a user, the role access permissions are cumulative: the user's resulting access is the sum total of each individual role.
For example, user sam_admin has been assigned the role of Admin and the custom roles of Data_Steward and Business_Analyst. The user sam_admin will get the Admin permissions that have the most unrestricted access.
See Assign a user to a role for detailed assignment instructions.
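The following audit sketch is an added example, not code from Data Catalog or Keycloak. It applies the user name rule from Add a user and the cumulative-role behavior described above to a constructed user list, flagging names that break the rule and roles that add no access beyond a user's other roles. The permission names, the reserved-name set, and the ASCII-only reading of "letters" are assumptions.

```python
import re

# Constructed role-to-permission map; real Data Catalog permission names are not on this page.
ROLE_PERMS = {
    "Admin": {"manage_users", "manage_sources", "create_terms", "apply_terms", "view"},
    "Data_Steward": {"create_terms", "apply_terms", "view"},
    "Business_Analyst": {"apply_terms", "view"},
}
RESERVED_NAMES = {"admin", "system"}  # hypothetical placeholders, not the product's list
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")  # assumes ASCII letters

def username_problems(name):
    """Check a name against the rule stated in the Add a user procedure."""
    problems = []
    if name != name.strip():
        problems.append("leading or trailing white space")
    if not USERNAME_RE.fullmatch(name.strip()):
        problems.append("invalid characters or first character")
    if name.strip().lower() in RESERVED_NAMES:
        problems.append("reserved name")
    return problems

def effective_permissions(roles):
    """Access is cumulative: the union of every assigned role's permissions."""
    return set().union(*(ROLE_PERMS.get(r, set()) for r in roles))

def redundant_roles(roles):
    """Known roles fully covered by the user's other roles (candidates for removal)."""
    return sorted(
        r for r in roles
        if r in ROLE_PERMS
        and ROLE_PERMS[r] <= effective_permissions(x for x in roles if x != r)
    )

def audit(users):
    """Return {username: findings} for a mapping of username -> assigned roles."""
    report = {}
    for name, roles in users.items():
        findings = username_problems(name)
        findings += [f"role {r} adds no access" for r in redundant_roles(roles)]
        if findings:
            report[name] = findings
    return report

# Constructed sample data for the example.
SAMPLE_USERS = {
    "sam_admin": ["Admin", "Data_Steward", "Business_Analyst"],
    "dana-steward": ["Data_Steward"],
    "7lee": ["Business_Analyst"],
    " pat": [],
}
```

For sam_admin the effective permissions equal the Admin set, so the two custom roles are reported as adding no access.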
Remove a user from a role
Perform the following steps to remove a role that is assigned to a user:
Procedure
Launch a web browser and enter the URL of the Keycloak web server provided by your administrator: http://<IPAddress>:30880/auth
The Welcome page opens.
Click Administrative Console then enter your credentials.
The LDC-realm page of Keycloak opens.
Click Users.
The Users page opens.
Locate the Username that you want to remove a role from and click its ID.
The user's page opens.
Click the Role Mappings tab.
The Role Mappings page opens.
In Assigned Roles, select the role or roles that you do not want for this user and then click Remove selected.
The Effective Role field indicates the current assignments for the user and the role mappings are updated, removing the role or roles from the user.
Log out of Keycloak.
The role is removed from the user.
Edit a user
Procedure
Launch a web browser and enter the URL of the Keycloak web server provided by your administrator: http://<IPAddress>:30880/auth
The Welcome page opens.
Click Administrative Console then enter your credentials.
The LDC-realm page of Keycloak opens.
In Manage, click Users.
The Users page opens.
Click the ID of the user that you want to edit.
The user's page opens. The user's details are displayed.
Click the Credentials tab then edit the user’s credentials. You can edit the password and reset credentials.
Click Save.
The user information is updated.
Log out of Keycloak.
Delete a user
Perform the following steps to delete a user:
Procedure
Launch a web browser and enter the URL of the Keycloak web server provided by your administrator: http://<IPAddress>:30880/auth
The Welcome page opens.
Click Administrative Console then enter your credentials.
The LDC-realm page of Keycloak opens.
Click Users.
The Users page opens.
Locate the Username of the user that you want to delete then click Delete.
Confirm and click Save.
The user is deleted.
Log out of Keycloak.