Working with Users

Warning

If you are using the federated template, all Users administratives tasks should be executed on Micosoft Active Directory Domain Services (AD DS) server. The only exception for this rule if API Access management.

For greater security and organization, you can give access to your data lake to specific users that you invite. A user can have one of two roles:

  1. Member: The member role can perform non-administrative actions within the data lake. These actions include the following:

    • View and search packages if the owner or visible package in a member group
    • Add, remove, and generate manifests for packages in their cart
    • Create, update, and delete packages they created
    • Create and update metadata on the packages they created
    • Add and remove datasets from the packages they created
    • View their data lake profile and API access information
    • Generate a secret access key if an Administrator has granted them API access

  2. Admin: The admin role has full access to the data lake. The admin role can perform the following actions in addition to the member role actions:

    • Create user invitations and assign users to one or more groups
    • Create, update, delete groups
    • Update, disable, enable, and delete data lake users.
    • Assign, delete, and reassign users to groups
    • Create, revoke, enable, and disable a user's API access
    • Update data lake settings
    • Create, update, and delete governance settings

Invite a user

Use the following steps to invite a user to join your data lake:

  1. In the navigation pane, under the Administration section select Users, and select Invite User.
  2. In the provided text field Name, type the user's full name, such as John Doe. Text field is required.
  3. In the provided text field Email, type the email address of the user you want to invite to access the data lake. Email is required and must be unique in the data lake.
  4. Choose the appropriate role for the invited user.
  5. Select Create Invitation to create the account and send an email invitation. The email invitation includes a temporary password and a link to login to the data lake.

Screenshot

Note: User invitations expire in 7 days if the new user does not sign in to the data lake.

Change a user's role

Use the following steps to update the role assigned to a user:

  1. In the navigation pane, under the Administration section select Users, and select the pencil icon next to a user.
  2. On the Details tab, change the Role for the user.
  3. Select Save.

Screenshot

Change a user's groups

Use the following steps to update the groups that the user is member of:

  1. In the navigation pane, under the Administration section select Users, and select the pencil icon next to a user.
  2. On the Details tab, change the Groups for the user.
  3. Select Save.

Screenshot

Disable a user

Use the following steps to disable a user:

Note that once a user is disabled, the user's access to the data lake is immediately denied.

  1. In the navigation pane, under the Administration section select Users, and select the pencil icon next to a user.
  2. Select Disable User.

Screenshot

Enable a user

Use the following steps to enable a user:

Screenshot

Delete a user

Use the following steps to delete a user:

Note that when a user is deleted, the user's account is removed from the data lake. However, all content that was added to the data lake by the user is retained.

  1. In the navigation pane, under the Administration section select Users , and select the pencil icon next to a user.
  2. On the Details tab, expand the Delete User section.

  3. Select Delete to remove the user account.

    Screenshot 4. Select Delete to confirm that you want to delete the user, or Cancel if you do not wish to proceed.

    Screenshot

Grant user API access

Use the following steps to grant a user access to the data lake via API:

Note that when granting a user access via the API, an Access Key is generated for the user. By granting a user access to the API, the user can interact directly with the data lake via API (or CLI).

  1. In the navigation pane,under the Administration section select Users , and select the pencil icon next to a user.

  2. On the API Access tab, select Generate Access Key.

    Screenshot

Deactivate user access key

Use the following steps to deactivate a user's access key:

Note that when deactive a user's access key, the user's ability to interact with the data lake via API (or CLI) is immediately denied.

  1. In the navigation pane, under the Administration section select Users , and select the pencil icon next to a user.

  2. On the API Access tab, select Make Inactive next to the user's access key.

    Screenshot

Activate user access key

Use the following steps to activate a user's access key that was previously deactivated.

Note that when activating a user's access key, the user's ability to interact with the data lake via API (or CLI) is immediately restored.

  1. In the navigation pane, under the Administration section select Users , and select the pencil icon next to a user.

  2. On the API Access tab, select Make Active next to the user's access key.

    Screenshot

Delete user access key

Use the following steps to delete a user's access key.

Note that when a user's access key is deleted, the user's ability to interact with the data lake via API (or CLI) is immediately denied.

  1. In the navigation pane, under the Administration section select Users , and select the pencil icon next to a user.

  2. On the API Access tab, select Delete next to the user's access key.

    Screenshot