Skip to main content

Pentaho+ documentation is moving!

The new product documentation portal is here. Check it out now at docs.hitachivantara.com

 

Hitachi Vantara Lumada and Pentaho Documentation

Manage users

Parent article

For identity and access management, you can specify users in Data Catalog using Keycloak. By default, as the administrator, you can access the Keycloak LDC-realm page to manage user settings.

Roles are part of a global namespace, which manages the users, credentials, roles, and groups in Data Catalog. The Administrator role is the default realm role available to your organization.

The role mappings you define set the permission types between a role and a user. You can associate a user with one or more roles, or none. For example, you can assign Steward and Analyst roles that allow those users to create and apply terms to files and fields respectively for the applicable domains. For ease of management, you may want to assign access and permissions to specific roles rather than individual users, which can be difficult as the number of users changes over time.

You can manage users by adding, editing, and deleting users, as well as assigning users to roles.

Add a user

Data Catalog user profiles include the user name that Keycloak uses to authenticate the user and the role or roles that determine user access to data and metadata. For more information about using roles to manage user access to Data Catalog metadata, see Role-based access control (RBAC).

Perform the following steps to add a user:

Procedure

  1. Launch a Web browser and enter the URL of the Keycloak web server provided by your administrator:

    http://<IPAddress>:30880/auth

    The Welcome page opens.
  2. Click Administrative Console then enter your credentials.

    The LDC-realm page of Keycloak opens.
  3. Click Users.

    The Users page opens.
  4. Click Add Users.

    The Add Users page opens.
  5. Enter the information for the user and then click Save.

    User names must start with a letter and must contain only letters, digits, hyphens, or underscores. No white spaces are allowed before or after a name. Also, make sure the name strings do not match any Data Catalog reserved names.The user's page opens.
  6. Select the Credentials tab.

    The Credentials page opens.
  7. Enter the user’s password and then click Set Password.

    The password for the user is confirmed.
  8. Click the Role Mappings tab.

    The Role Mappings page opens.
  9. In Available Roles, select the role(s) you want to assign the user and then click Add selected.

  10. In Assigned Roles, remove any role(s) that you do not want assigned for this user, then click Remove selected.

    The Effective Role field indicates the current assignments for the user and the role mappings are updated.
  11. Log out of Keycloak.

Results

The user is created with the role(s). To assign additional roles or a different role, see Assign a user to a role.

Assign a user to a role

In Data Catalog, you can assign roles and allow users to execute tasks according to their responsibilities. Multiple roles can be assigned to a user.

You can also set additional roles as default roles. Refer to Set a role as default for more information.

Perform the following steps to assign a user to a role:

Procedure

  1. Launch a Web browser and enter the URL of the Keycloak web server provided by your administrator:

    http://<IPAddress>:30880/auth

    The Welcome page opens.
  2. Click Administrative Console then enter your credentials.

    The LDC-realm page of Keycloak opens.
  3. Click Users.

    The Users page opens.
  4. Locate the Username that you want to assign the role to and click its ID.

    The user's page opens.
  5. Click the Role Mappings tab.

    The Role Mappings page opens.
  6. In Available Roles, select the role or roles that you want to assign to the user and then click Add selected.

  7. In Assigned Roles, remove any role or roles that you do not want for this user then click Remove selected.

    The Effective Role field indicates the current assignments for the user and the role mappings are updated.
  8. Log out of Keycloak.

Results

The role or roles are assigned to the user.

Assigning a user to multiple roles

You can assign multiple roles to one user. When more than one role is assigned to a user, the role access permissions are accumulative. If a user is assigned more than one role, their resulting access is the sum total of each individual role.

For example, user sam_admin has been assigned the role of Admin and the custom roles of Data_Steward and Business_Analyst. The user sam_admin will get the Admin permissions that have the most unrestricted access.

NoteYour software license determines user-based entitlement. Contact your sale representative if you have questions about this feature.

See Assign a user to a role for detailed assignment instructions.

Remove a user from a role

You can remove assigned user roles from user accounts. Users without an assigned role only have viewing permissions.

Perform the following steps to delete an assigned user role:

Procedure

  1. Launch a Web browser and enter the URL of the Keycloak web server provided by your administrator:

    http://<IPAddress>:30880/auth

    The Welcome page opens.
  2. Click Administrative Console then enter your credentials.

    The LDC-realm page of Keycloak opens.
  3. Click Users.

    The Users page opens.
  4. Locate the Username that you want to remove a role from and click its ID.

    The user's page opens.
  5. Click the Role Mappings tab.

    The Role Mappings page opens.
  6. In Assigned Roles, select the role or roles that you do not want for this user and then click Remove selected.

    The Effective Role field indicates the current assignments for the user and the role mappings are updated, removing the role or roles from the user.
  7. Log out of Keycloak.

    The role is removed from the user.

Edit a user

Perform the following steps to edit a user's information in Data Catalog:

Procedure

  1. Launch a Web browser and enter the URL of the Keycloak web server provided by your administrator:

    http://<IPAddress>:30880/auth

    The Welcome page opens.
  2. Click Administrative Console then enter your credentials.

    The LDC-realm page of Keycloak opens.
  3. In Manage, click Users.

    The Users page opens.
  4. Click the ID of the user that you want to edit.

    The user's page opens. The user's details are displayed.
  5. Click the Credentials tab then edit the user’s credentials. You can edit the password and reset credentials.

  6. Click Save.

    The user information is updated.
  7. Log out of Keycloak.

Delete a user

You can delete a user if the user no longer needs access to Data Catalog.

NoteYou cannot delete a default user.

Perform the following steps to delete a user:

Procedure

  1. Launch a Web browser and enter the URL of the Keycloak web server provided by your administrator:

    http://<IPAddress>:30880/auth

    The Welcome page opens.
  2. Click Administrative Console then enter your credentials.

    The LDC-realm page of Keycloak opens.
  3. Click Users.

    The Users page opens.
  4. Locate the Username of the user that you want to delete then click Delete.

  5. Confirm and click Save.

    The user is deleted.
  6. Log out of Keycloak.